North Korean Hackers Intensify Social Engineering Scams Targeting Cryptocurrencies

According to Cointelegraph, North Korean hackers have reportedly intensified their social engineering scams aimed at stealing cryptocurrencies

North Korean hackers are reportedly ramping up their social engineering scams to steal cryptocurrencies, having infiltrated several large, multinational information technology companies, according to a new report by Cointelegraph.

At the Cyberwarcon cybersecurity conference, researchers identified two North Korean hacker groups, "Sapphire Sleet" and "Ruby Sleet," as being central to these operations.

Sapphire Sleet has been targeting individuals through fraudulent employment schemes, posing as legitimate recruiters to lure victims into interviews or job offers. During these interactions, the hackers infect the victims' computers with malware disguised as PDF files or malicious links.

On the other hand, Ruby Sleet has managed to infiltrate aerospace and defense contractors in the United States, the United Kingdom, and South Korea, aiming to steal military secrets.

The report also highlights that North Korean IT workers are using fake identities, crafted through AI, social media, and voice-changing technologies, to infiltrate companies and execute recruitment scams.

The threat posed by North Korean hackers to the cryptocurrency industry is not new. Prior to the Cyberwarcon warning, hackers linked to the DPRK regime had already been targeting cryptocurrency firms using similar tactics.

In August, onchain investigator ZackXBT identified 21 developers, believed to be North Koreans, working on various crypto projects under fake identities.

In September, the Federal Bureau of Investigation (FBI) issued a warning about North Korean hackers targeting crypto companies and decentralized finance projects with malware disguised as employment offers. Once users downloaded the malware or clicked on malicious links, their private keys were at risk of being stolen.

In October, concerns arose within the Cosmos ecosystem regarding its Liquid Staking Module, which was allegedly developed by North Korean developers. Jacob Gadikian, a Cosmos ecosystem developer, remarked that the individuals behind the LSM are among the world's most skilled and prolific crypto thieves.

This prompted several security audits of the Cosmos Liquid Staking Module due to fears of backdoors and other malicious code.

The ongoing threat from North Korean hackers underscores the need for heightened cybersecurity measures within the cryptocurrency and IT sectors.