Hitmetrix - User behavior analytics & recording

North Korean hackers steal $10M via LinkedIn

North Korean hackers have stolen over $10 million in cryptocurrency in just six months by using social engineering tactics on LinkedIn. The group, known as Sapphire Sleet, has been active since at least 2020 and is linked to other North Korean hacking groups like APT38 and BlueNoroff. Sapphire Sleet created fake profiles on LinkedIn, posing as recruiters and job seekers.

They used these profiles to target individuals and companies, tricking them into downloading malware that allowed the hackers to steal credentials and cryptocurrency wallets. One of their main tactics was to pretend to be a venture capitalist interested in a target’s company. They would set up an online meeting, and when the target tried to join, they would see error messages telling them to contact support.

If the victim reached out, the hackers would send them a script file that downloaded malware onto their computer. Sapphire Sleet also posed as recruiters for financial firms like Goldman Sachs.

Social engineering scams on LinkedIn

They would contact targets on LinkedIn and ask them to complete a skills assessment on a website controlled by the hackers. When the target logged in and downloaded the code for the assessment, they would unknowingly download malware.

North Korea’s hacking strategy has been called a “triple threat” because it allows them to make money for the regime through legitimate work, steal intellectual property, and use cyberattacks for financial gain.

North Korean IT workers often use facilitators to help them access platforms and apply for remote jobs since it’s difficult for them to sign up for things like bank accounts or phone numbers. These IT workers create fake profiles and portfolios on sites like GitHub and LinkedIn to communicate with recruiters and apply for jobs. They have even used AI tools like Faceswap to modify stolen photos and documents to make their profiles look more professional. Some have experimented with voice-changing software as well.

The North Korean IT workers appear to be very organized in tracking the payments they receive. Microsoft estimates that this group has made at least $370,000 through their efforts.
