North Korean Hackers Steal $10 Million Using LinkedIn Scams and AI-Driven Malware



November 23, 2024Ravi LakshmananArtificial Intelligence / Cryptocurrency


A North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency in social engineering campaigns organized over a six-month period.

These findings come from Microsoft, which said several threat clusters linked to the country were creating fake LinkedIn profiles, posing as both recruiters and job seekers, in order to generate illicit profits for the sanctioned country.

Known to be active since at least 2020, Sapphire Sleet overlaps with hacker groups tracked as APT38 and BlueNoroff. In November 2023, the technology giant revealed that the threat actor had set up infrastructure that mimicked skills assessment portals to conduct its social engineering campaigns.


One of the main methods adopted by the group for more than a year is to pose as a venture capitalist, falsely claiming an interest in a target user’s company in order to set up an online meeting. Targets who fall for the bait and try to join the meeting are shown error messages urging them to contact the room administrator or support for assistance.

When the victim contacts the threat actor, they are sent either an AppleScript (.scpt) file or a Visual Basic Script (.vbs) file, depending on the operating system used, supposedly to resolve the connection problem.

Under the hood, the script is used to download malware onto a compromised Mac or Windows machine, ultimately allowing attackers to obtain credentials and cryptocurrency wallets for later theft.

Sapphire Sleet has also been observed posing as a recruiter for financial firms such as Goldman Sachs on LinkedIn to contact potential targets and ask them to complete a skills assessment hosted on a website under its control.

“A threat actor sends a login account and password to the targeted user,” Microsoft said. “By logging into the website and downloading the code associated with the skills assessment, the target user downloads malware onto their device, allowing attackers to gain access to the system.”

Redmond also described North Korea's dispatch of thousands of IT workers abroad as a triple threat: it makes money for the regime through “legitimate” work, allows the workers to abuse their access to get hold of intellectual property, and facilitates data theft in exchange for ransom.

“Because it is difficult for a person in North Korea to register for things like a bank account or a phone number, IT workers must use intermediaries to help them access platforms where they can apply for remote work,” it said. “These intermediaries are used by IT workers for tasks such as creating an account on a freelancer website.”


This includes creating fake profiles and portfolios on developer platforms like GitHub and LinkedIn to communicate with recruiters and apply for jobs.

In some cases, the IT workers were also found to be using artificial intelligence (AI) tools such as Faceswap to alter photos and documents stolen from victims, or to place them against professional-looking settings. These images are then used in resumes or profiles, sometimes for multiple personas, that are submitted for job applications.

“In addition to using artificial intelligence to help create images used in job applications, North Korean IT workers are experimenting with other artificial intelligence technologies, such as voice-changing software,” Microsoft said.

“North Korean IT workers appear to be very organized when it comes to tracking payments received. In total, this group of North Korean IT workers appears to have earned at least US$370,000 from their efforts.”
