North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers
North Korean hackers steal billions in crypto, posing as VCs or IT workers.
Posing as venture capitalists, recruiters, and IT workers, North Korean hackers have illicitly obtained billions in cryptocurrency. These activities fund the country's nuclear weapons program, circumventing international sanctions and benefiting its strategic aims.
At the Cyberwarcon conference in Washington DC, researchers shared insights into how North Korean IT workers infiltrate multinational firms, employing U.S.-based facilitators to bypass financial restrictions. Groups like 'Ruby Sleet' target aerospace firms for industrial secrets, while 'Sapphire Sleet' uses fake meetings to install malware on victims' devices to steal cryptocurrency.
Tech giants like Microsoft have observed operations spanning from North Korea to allies such as Russia and China, which further complicates cybersecurity defenses for companies. Researchers stress the need for improved vetting processes to combat such deceptions, highlighting cases where IT workers employed deepfake technology and exhibited sloppiness that betrayed their fake identities.