Cybersecurity researchers presenting at the Cyberwarcon conference in Washington, D.C., described how North Korean hackers pose as venture capitalists, recruiters, and remote workers to gain access to organizations' computer systems. They explained in detail how the hackers steal cryptocurrencies and trade secrets. Tactics include hiring U.S.-based “middle men” to operate employer-issued laptops and receiving proceeds into U.S. bank accounts while the hackers are holed up in North Korea. Researchers said hacker groups have stolen more than US$1 billion in cryptocurrencies over the past decade, much of which has been funneled into North Korea's nuclear weapons program.
North Koreans are coming after valuable virtual currency!
As reported by TechCrunch, cybersecurity researchers presenting at the Cyberwarcon conference in Washington, D.C., on Nov. 29 explained in detail the threat posed by North Korea's large network of sophisticated hacking groups.
These hacker groups are actively targeting large global organizations and stealing their cryptocurrencies. And it's not just cryptocurrencies that they're targeting. Hackers pose as recruiters, venture capitalists, and fake remote workers to funnel money to the regime and obtain trade secrets and intellectual property.
Researchers say North Korean hacker groups have stolen more than US$1 billion (A$1.5 billion) in cryptocurrencies over the past decade, with the funds largely used to help the North Korean regime evade international sanctions. They said the money had been used to fund nuclear weapons development programs.
How do these hackers steal valuable cryptocurrency?
In a bull market, crypto enthusiasts' thinking tends toward two things: 1) Lambo. 2) How bad would it be if someone stole your valuable cryptocurrencies and took your Lambo?
If your mind is preoccupied with Lambo right now, your first thought when you learn about these hacking groups is probably, “Is the average citizen at risk from these hacking groups?”
These hackers are probably not the main threat faced by the average cryptocurrency investor, as they primarily target large organizations. (That said, keep your crypto safe, never share your private keys, and beware of scams.)
Researchers say hacker groups have taken advantage of the rise in remote work and online meetings since the coronavirus outbreak in 2020, which has made it easier for them to impersonate venture capitalists, recruiters and remote workers.
In a venture capitalist or recruiter scenario, once a hacker gains the victim's trust, they set up an online meeting and get the victim to unknowingly install malware. For example, the hacker pressures the victim to download a tool to resolve technical issues during the meeting, or to download and complete a “skills assessment” that also contains malware. The hacker can then use the malware to gain access to the victim's computer, including the cryptocurrency wallet.
But researchers say the most common and most persistent threat is fake remote workers. These fake workers have really proliferated since COVID-19, and researchers classify them as a “triple threat” because they benefit the North Korean regime in three important ways.
They earn money directly for the regime through employment as fake workers. They steal trade secrets, intellectual property, and cryptocurrencies. They then use these secrets to try to squeeze even more out of the company.
Microsoft cybersecurity researcher James Elliott said these North Korean IT workers have already created fake identities to infiltrate “hundreds” of organizations around the world. They may rely on US-based “intermediaries” to take control of their work-issued laptops and income in order to circumvent sanctions imposed on North Korea and to appear more legitimate. Workers then remotely access work-issued computers from North Korea, so employers never know they have North Korean employees.
One North Korean hacker group known as Sapphire Three has been using these tactics to lead cryptocurrency thefts since 2020. According to Microsoft, Sapphire Three stole at least US$10 million in cryptocurrencies from multiple international companies over a six-month period.
Although sanctions and public warnings have been in place for some time, the threat posed by North Korean hacker groups continues to grow. Earlier this year, the FBI issued a special alert warning companies about the risk of AI deepfakes being used in North Korea-based employment fraud leading to the theft of crypto assets from US companies.
For companies operating in or related to the cryptocurrency field, the FBI has warned that North Korea employs sophisticated tactics to steal cryptocurrency funds, and it emphasizes that this is a persistent threat to organizations with access to large amounts of cryptocurrency-related assets and products.
The U.S. Treasury Department, State Department, and Department of Justice also released joint guidance specifically for companies seeking to protect themselves from the threat of North Korean fake remote workers.