North Korean hackers have stolen billions in cryptocurrency and sensitive corporate data by impersonating venture capitalists, recruiters, and remote IT workers.
Researchers made the revelations during Cyberwarcon, an annual cybersecurity conference, on Nov. 29.
According to Microsoft security researcher James Elliott, North Korean operatives have infiltrated hundreds of global organizations by creating false identities.
Using tactics ranging from sophisticated AI-generated profiles to malware-laden recruitment campaigns, these hackers have funneled stolen assets to the regime’s nuclear weapons program, circumventing international sanctions.
According to Elliott:
“North Korean IT workers represent a triple threat.”
He emphasized their ability to earn a legitimate income, steal corporate secrets, and extort companies by threatening to expose stolen data in the modern world of remote work.
Evolving cyber tactics
The hackers employ a range of schemes to target companies. One group, dubbed “Ruby Sleet” by Microsoft, focuses on aerospace and defense firms stealing information to advance North Korea’s weapons technology.
Another, “Sapphire Sleet,” poses as recruiters and venture capitalists, tricking victims into downloading malware disguised as tools or assessments.
In one campaign, hackers stole $10 million in cryptocurrency over six months by targeting individuals and companies with fake virtual meeting setups. Hackers staged technical issues during the meetings to coerce victims into installing malware.
The most persistent threat stems from North Korean operatives posing as remote workers. These bad actors establish convincing online personas using LinkedIn profiles, GitHub repositories, and AI-generated deepfakes to take advantage of the global shift to remote work.
Once hired, these operatives direct company-issued laptops to US-based facilitators, who set up farms of devices preloaded with remote access software. This allows North Korean agents to operate from locations such as Russia and China.
Elliott revealed that Microsoft uncovered detailed operational plans, including fake resumes and identity dossiers, from a misconfigured repository belonging to a North Korean operative.
Elliott said:
“It was the entire playbook.”
Calls for heightened vigilance
While sanctions and public warnings have been issued, North Korean hacking groups continue to evade consequences.
Earlier this year, US prosecutors charged individuals connected to laptop farming, and the FBI cautioned companies about using AI-generated deepfakes in employment scams.
Researchers emphasized the need for stricter employee verification processes. Elliott pointed to common red flags, including linguistic errors and inconsistencies in geographic data, that could help companies identify suspicious applicants.
“This is not a fleeting issue. North Korea’s cyber campaigns are a long-term threat that demands constant vigilance.”
With cyber deception evolving rapidly, the global business community is under mounting pressure to adapt and strengthen its defenses against these sophisticated threats.
The post North Korean hackers impersonate tech professionals to steal billions in crypto appeared first on CryptoSlate.
