北韓駭客擴大社會工程詐騙，滲透跨國 IT 公司竊取加密貨幣

據報道，與北韓政府有聯繫的駭客透過滲透「數百家」大型跨國資訊科技公司，擴大了旨在竊取加密貨幣的社會工程騙局。

North Korean government-linked hackers are reportedly expanding their social engineering scams to pilfer cryptocurrencies by infiltrating ‘hundreds’ of large, multinational information technology firms.

據報道，與北韓政府有聯繫的駭客正在擴大他們的社會工程詐騙，透過滲透「數百家」大型跨國資訊科技公司來竊取加密貨幣。

Researchers at the Cyberwarcon cybersecurity conference identified two North Korean hacker groups called “Sapphire Sleet” and “Ruby Sleet,” according to a report by TechCrunch.

根據 TechCrunch 報導，Cyber​​warcon 網路安全會議的研究人員發現了兩個北韓駭客組織，分別為「Sapphire Sleet」和「Ruby Sleet」。

Sapphire Sleet targeted individuals through fraudulent employment schemes by posing as legitimate recruiters and luring unsuspecting victims into interviews or other offers of employment. At some point during the interview process, the hackers would infect the users’ computers with malware disguised as picture-document files (PDFs) or malicious links.

Sapphire Sleet 透過冒充合法招募人員並引誘毫無戒心的受害者參加面試或提供其他就業機會，透過欺詐性就業計畫來針對個人。在訪談過程中的某個時刻，駭客會用偽裝成圖片文件檔案 (PDF) 或惡意連結的惡意軟體感染使用者的電腦。

Meanwhile, Ruby Sleet managed to infiltrate aerospace and defense contractors in the United States, the United Kingdom, and South Korea to steal military secrets.

同時，Ruby Sleet 成功滲透到美國、英國和韓國的航空航天和國防承包商中，竊取軍事機密。

The report also noted that the North Korean IT workers used fake identities crafted through AI, social media, and voice-changing technologies to infiltrate the companies and carry out recruitment scams.

報告還指出，北韓 IT 員工利用人工智慧、社群媒體和變聲技術製作的虛假身分滲透到公司並實施招聘詐騙。

Crypto theft for November 2024. Source: Immunefi, Because Bitcoin

2024 年 11 月加密貨幣竊盜情況。

North Korean hackers have been targeting the crypto industry for a while now. As early as 2021, researchers claimed to have uncovered a North Korean crypto scam involving fake identities.

北韓駭客瞄準加密貨幣產業已經有一段時間了。早在 2021 年，研究人員就聲稱發現了北韓涉及虛假身分的加密貨幣騙局。

Later in 2022, the Federal Bureau of Investigation (FBI) warned that North Korean hackers were targeting crypto companies and decentralized finance (DeFi) projects with malware disguised as employment offers. Once the user downloaded the malware or clicked a malicious link, their private keys would be stolen.

2022 年晚些時候，美國聯邦調查局 (FBI) 警告稱，北韓駭客利用偽裝成就業機會的惡意軟體瞄準加密公司和去中心化金融 (DeFi) 計畫。一旦用戶下載了惡意軟體或點擊了惡意鏈接，他們的私鑰就會被盜。

More recently, the Cosmos ecosystem faced concerns over its Liquid Staking Module, which was allegedly built by North Korean developers. At the time, Cosmos ecosystem developer Jacob Gadikian said, “The people who built the LSM are the world’s most skilled and prolific crypto thieves.” The threat of backdoors and other malicious lines of code prompted several security audits of the Cosmos Liquid Staking Module.

最近，Cosmos 生態系統面臨對其 Liquid Stake 模組的擔憂，該模組據稱是由北韓開發商建造的。當時，Cosmos 生態系統開發人員 Jacob Gadikian 表示，“構建 LSM 的人是世界上最熟練、最多產的加密竊賊。”後門和其他惡意程式碼行的威脅促使對 Cosmos Liquid Stake 模組進行了許多安全審計。