North Korean cybercriminals, operating under the alias Sapphire Sleet, have allegedly pilfered more than $10 million in cryptocurrency by employing advanced social engineering techniques over a span of six months. Microsoft has associated this group with several threat activity clusters linked to North Korea, such as APT38 and BlueNoroff, and has noted their strategy of creating counterfeit LinkedIn profiles to masquerade as both recruiters and job seekers.
Active since at least 2020, Sapphire Sleet has established a network that simulates skills assessment platforms to facilitate their fraudulent schemes. A prevalent method they utilize involves impersonating venture capitalists to entice targets into virtual meetings. When victims try to access these meetings, they are met with error messages instructing them to contact a fictitious support team. Those who do so are sent malicious scripts designed for their specific operating systems; when executed, these scripts install malware on their devices.
This malware grants the attackers access to sensitive credentials and cryptocurrency wallets. Additionally, the group has been known to pose as recruiters from well-known financial institutions, such as Goldman Sachs, to lure potential victims into completing assessments on compromised websites. Microsoft underscores that North Korea’s approach of deploying IT professionals abroad not only serves as a revenue-generating strategy but also raises significant concerns regarding intellectual property theft and data security breaches.


