North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers

North Korean hackers steal billions in crypto, posing as VCs or IT workers.

North Korean hackers have stolen billions in cryptocurrency by posing as venture capitalists, recruiters, and IT workers. They infiltrate companies globally, using false identities to earn money and steal secrets, aiding North Korea's weapons program. Microsoft highlights the 'Ruby Sleet' and 'Sapphire Sleet' groups, which employ malware in fake meetings to access crypto wallets. Despite sanctions, the regime's hacking remains a persistent threat, leveraging remote work trends to penetrate large corporations.

Posing as venture capitalists, recruiters, and IT workers, North Korean hackers have illicitly obtained billions in cryptocurrency. These activities fund the country's nuclear weapons program, circumventing international sanctions and benefiting its strategic aims.

At the Cyberwarcon conference in Washington DC, researchers shared insights into how North Korean IT workers infiltrate multinational firms, employing U.S.-based facilitators to bypass financial restrictions. Groups like 'Ruby Sleet' target aerospace firms for industrial secrets, while 'Sapphire Sleet' uses fake meetings to install malware on victims' devices to steal cryptocurrency.

Tech giants like Microsoft have observed operations spanning from North Korea to allies like Russia and China, which further complicates cybersecurity defenses for companies. Researchers stress the need for improved vetting processes to combat such deceptions, highlighting cases where IT workers employed deepfake technology and exhibited sloppiness that betrayed their fake identities.