North Korean hackers pose as venture capitalists to steal cryptocurrencies
Hackers and cybercriminals, allegedly working for the North Korean state and posing as venture capitalists, tech support workers and recruiters, have stolen more than $1 billion in cryptocurrency in recent years, according to security researchers who presented their findings at the Cyberwarcon conference in Washington, DC. Here’s what we know.
The billion-dollar crypto heist explained
You might not think that a venture capitalist and a large-company recruiter have much in common, even less so if you add in a remote IT professional, but according to Zack Whittaker, reporting for TechCrunch, “all were arrested as imposters working secretly for the North Korean regime, security researchers say.”
These security researchers were presenting at the annual Cyberwarcon conference in Washington, DC, which takes an analytical look at the most disruptive threats in the world of cybersecurity. A presentation by Microsoft Threat Intelligence revealed how, over the past decade, the Democratic People’s Republic of Korea has “successfully built a computer network exploitation capability” allowing the malicious actors involved to “steal billions of dollars in cryptocurrency.” The threat intelligence analysts added: “North Korean threat actors have developed and used multiple zero-day exploits and have become experts in cryptocurrency, blockchain, and AI technology.”
One North Korean-affiliated threat group in particular, tracked as Sapphire Sleet, has been observed carrying out cryptocurrency thefts since 2020, Microsoft said. Over one six-month period, for example, Microsoft Threat Intelligence found that Sapphire Sleet had stolen more than $10 million from multiple companies. Although the group’s precise methods have changed over time, Microsoft said its newest and largest ploy involves “posing as a venture capitalist.” The fake VC feigns interest in investing in a target company and schedules an online meeting to discuss it. On the day of the meeting, technical issues appear to arise and the victim is referred to a supposed support team. The victim is then talked into downloading a script that is meant to fix the problem but actually installs malware, which ultimately compromises the credentials of the victim’s cryptocurrency wallet and drains the crypto it contains.
Microsoft recommends that organizations and individuals follow the tips for spotting fake North Korean IT workers published by the U.S. Department of State and the Federal Bureau of Investigation, among others. You can also refer to the FBI’s guidance on protecting yourself and your business from cryptocurrency attackers.