According to Cointelegraph, North Korean hackers have reportedly intensified their social engineering scams aimed at stealing cryptocurrencies by infiltrating numerous large, multinational information technology companies. At the Cyberwarcon cybersecurity conference, researchers identified two North Korean hacker groups, "Sapphire Sleet" and "Ruby Sleet," as key players in these operations.
Sapphire Sleet has been targeting individuals through fraudulent employment schemes, posing as legitimate recruiters to lure victims into interviews or job offers. During these interactions, the hackers infect the victims' computers with malware disguised as PDF files or delivered through malicious links. Meanwhile, Ruby Sleet has successfully infiltrated aerospace and defense contractors in the United States, the United Kingdom, and South Korea, aiming to steal military secrets. The report also highlights that North Korean IT workers are using fake identities, crafted through AI, social media, and voice-changing technologies, to infiltrate companies and execute recruitment scams.
The threat posed by North Korean hackers to the cryptocurrency industry is not new. Prior to the Cyberwarcon warning, hackers linked to the DPRK regime had already been targeting cryptocurrency firms using similar tactics. In August, onchain investigator ZachXBT identified 21 developers, believed to be North Koreans, working on various crypto projects under fake identities. In September, the Federal Bureau of Investigation (FBI) issued a warning about North Korean hackers targeting crypto companies and decentralized finance projects with malware disguised as employment offers. Once users downloaded the malware or clicked on malicious links, their private keys were at risk of being stolen.
In October, concerns arose within the Cosmos ecosystem regarding its Liquid Staking Module, which was allegedly developed by North Korean developers. Jacob Gadikian, a Cosmos ecosystem developer, remarked that the individuals behind the LSM are among the world's most skilled and prolific crypto thieves. This prompted several security audits of the Cosmos Liquid Staking Module due to fears of backdoors and other malicious code. The ongoing threat from North Korean hackers underscores the need for heightened cybersecurity measures within the cryptocurrency and IT sectors.