Hackers Steal $10M Via LinkedIn

Uploaded on 2024-11-25 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns over a six-month period.  Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. 

According to Microsoft, there are multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the impoverished nation.

In November 2023 Microsoft  reported that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. While their methods have changed throughout the years, the primary scheme used by Sapphire Sleet over the past year and a half is to masquerade as a venture capitalist, feigning interest in investing in the target user’s company. 

The threat actor sets up an online meeting with a target user. On the day of the meeting, when the target user attempts to connect to the meeting, the user receives either a frozen screen or an error message stating that the user should contact the room administrator or support team for assistance. When the target contacts the threat actor, the threat actor sends a script – a .scptfile (Mac) or a Visual Basic Script (.vbs) file (Windows) – to “fix the connection issue”. This script leads to malware being downloaded onto the target user’s device. 

The threat actor then works towards obtaining cryptocurrency wallet credentials on the compromised device, enabling theft.

Sapphire Sleet has been identified masquerading as a recruiters for high profile financial services firms on LinkedIn to reach out to prospective targets and ask them to complete a skills assessment hosted on a website under their control. In some instances, they have also been found using Artificial Intelligence (AI) tools like Faceswap to modify photos and documents stolen from victims or show them against the backdrop of professional-looking settings. These pictures are then used on resumes or profiles, sometimes for several personas, that are submitted for job applications.

 "In addition to using AI to assist with creating images used with job applications, North Korean IT workers are experimenting with other AI technologies such as voice-changing software... The North Korean IT workers appear to be very organised when it comes to tracking payments received. Overall, this group of North Korean IT workers appears to have made at least 370,000 US dollars through their efforts." " Microsoft said.

In response, the US State Department has announced it will pay a reward of up to $10 million for information about individuals associated with these malicious cyber groups linked to North Korea.

Microsoft  |   LinkedIn   |   NKNews   |   Hacker News   |    Fortune  |    Spiceworks      

Image: 

You Might Also Read: 

North Korean IT Contractor Fraud:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 





 

« Cyber Attacks On Britain's Water Supply
Phishing Scheme That Generated $11M Taken Down »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Performanta

Performanta

Performanta offer a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk.

KPN Security

KPN Security

KPN Security is the largest and most complete provider of IT security services in the Netherlands.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

CYSEC NG

CYSEC NG

Cyber Security Challenge Nigeria Initiative (CYSEC NG) is the first, and largest offensive premier Cyber Conference and Hacking event in Africa.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Iron EagleX

Iron EagleX

Iron EagleX deliver engineering solutions in cloud computing, big data, cyber, and machine learning technologies to US Government customers.

Bastion Security Group

Bastion Security Group

Bastion Security combines the skills, expertise and leadership from Quantum Security, ZX Security, Helix Security and Cassini.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.

CirrusHQ

CirrusHQ

CirrusHQ are a Specialist AWS Advanced Consulting Partner with a focus on Cloud Management, DevOps, Migration and Consulting Services for the private and public sectors.

4Geeks Academy

4Geeks Academy

4Geeks Academy hosts coding bootcamps that provide students with job-ready tech skills.