According to ChainCatcher, Microsoft detailed in a blog post a group of North Korean hackers known as "Sapphire Sleet" who posed as recruiters and venture capitalists aiming to steal cryptocurrency from individuals and companies. After contacting the target with bait or initial contact, North Korean hackers would arrange a virtual meeting, but the meeting was actually designed to be abnormally loaded.
In one scenario, the impersonator would force the victim to download malware disguised as a fix for a virtual meeting tool. In the fake recruiter campaign, the impostor would ask potential candidates to download and complete a skills assessment that actually contained malware. Once installed, the malware could access other material on the computer, including cryptocurrency wallets. Microsoft said hackers stole at least $10 million in cryptocurrency in six months alone.