朝鲜黑客扩大社会工程诈骗，通过渗透跨国 IT 公司窃取加密货币

据报道，与朝鲜政府有联系的黑客通过渗透“数百家”大型跨国信息技术公司，扩大了旨在窃取加密货币的社会工程骗局。

North Korean government-linked hackers are reportedly expanding their social engineering scams to pilfer cryptocurrencies by infiltrating ‘hundreds’ of large, multinational information technology firms.

据报道，与朝鲜政府有联系的黑客正在扩大他们的社会工程诈骗，通过渗透“数百家”大型跨国信息技术公司来窃取加密货币。

Researchers at the Cyberwarcon cybersecurity conference identified two North Korean hacker groups called “Sapphire Sleet” and “Ruby Sleet,” according to a report by TechCrunch.

据 TechCrunch 报道，Cyber​​warcon 网络安全会议的研究人员发现了两个朝鲜黑客组织，分别为“Sapphire Sleet”和“Ruby Sleet”。

Sapphire Sleet targeted individuals through fraudulent employment schemes by posing as legitimate recruiters and luring unsuspecting victims into interviews or other offers of employment. At some point during the interview process, the hackers would infect the users’ computers with malware disguised as picture-document files (PDFs) or malicious links.

Sapphire Sleet 通过冒充合法招聘人员并引诱毫无戒心的受害者参加面试或提供其他就业机会，通过欺诈性就业计划来针对个人。在采访过程中的某个时刻，黑客会用伪装成图片文档文件 (PDF) 或恶意链接的恶意软件感染用户的计算机。

Meanwhile, Ruby Sleet managed to infiltrate aerospace and defense contractors in the United States, the United Kingdom, and South Korea to steal military secrets.

与此同时，Ruby Sleet 成功渗透到美国、英国和韩国的航空航天和国防承包商中，窃取军事机密。

The report also noted that the North Korean IT workers used fake identities crafted through AI, social media, and voice-changing technologies to infiltrate the companies and carry out recruitment scams.

报告还指出，朝鲜 IT 员工利用人工智能、社交媒体和变声技术制作的虚假身份渗透到公司并实施招聘诈骗。

Crypto theft for November 2024. Source: Immunefi, Because Bitcoin

2024 年 11 月加密货币盗窃情况。来源：Immunefi，因为比特币

North Korean hackers have been targeting the crypto industry for a while now. As early as 2021, researchers claimed to have uncovered a North Korean crypto scam involving fake identities.

朝鲜黑客瞄准加密货币行业已经有一段时间了。早在 2021 年，研究人员就声称发现了朝鲜涉及虚假身份的加密货币骗局。

Later in 2022, the Federal Bureau of Investigation (FBI) warned that North Korean hackers were targeting crypto companies and decentralized finance (DeFi) projects with malware disguised as employment offers. Once the user downloaded the malware or clicked a malicious link, their private keys would be stolen.

2022 年晚些时候，美国联邦调查局 (FBI) 警告称，朝鲜黑客利用伪装成就业机会的恶意软件瞄准加密公司和去中心化金融 (DeFi) 项目。一旦用户下载了恶意软件或点击了恶意链接，他们的私钥就会被盗。

More recently, the Cosmos ecosystem faced concerns over its Liquid Staking Module, which was allegedly built by North Korean developers. At the time, Cosmos ecosystem developer Jacob Gadikian said, “The people who built the LSM are the world’s most skilled and prolific crypto thieves.” The threat of backdoors and other malicious lines of code prompted several security audits of the Cosmos Liquid Staking Module.

最近，Cosmos 生态系统面临对其 Liquid Stake 模块的担忧，该模块据称是由朝鲜开发商建造的。当时，Cosmos 生态系统开发人员 Jacob Gadikian 表示：“构建 LSM 的人是世界上最熟练、最多产的加密窃贼。”后门和其他恶意代码行的威胁促使对 Cosmos Liquid Stake 模块进行了多次安全审计。