Report: North Korean Hackers Attack IT and Encryption Industries Using AI and Other Technologies

Author: Vince Quill, CoinTelegraph; Translation: Deng Tong, Golden Finance

According to reports, Hackers associated with the North Korean government have expanded their social engineering eyewash aimed at stealing Crypto Assets by infiltrating "hundreds" of large multinational information technology companies.

According to an article by TechCrunch, researchers at the Cyberwarcon cybersecurity conference discovered two North Korean hacker groups, named "Sapphire Sleet" and "Ruby Sleet".

Sapphire Sleet lures unsuspecting victims by impersonating legitimate recruiters to participate in interviews or provide other employment opportunities, targeting individuals through fraudulent employment schemes. Then, a Hacker will infect the user's computer with malware disguised as a picture document file (PDF) or malicious link at some point during the interview process.

Ruby Sleet successfully penetrated aerospace and defense contractors in the United States, United Kingdom, and South Korea, stealing military secrets.

In addition, the report also mentioned that North Korean IT employees use artificial intelligence, social media, and voice-changing technology to create false identities that infiltrate companies and carry out recruitment scams.

The theft of Cryptocurrency in November 2024. Source: Immunefi

North Korean Hacker targets the encryption industry

Even before researchers at Cyberwarcon issued a warning about the North Korean Hacker organization targeting information technology companies, hackers associated with the North Korean regime used the same strategy against Cryptocurrency companies.

In August, on-chain detective ZackXBT claimed to have identified 21 developers, believed to be North Koreans, who were using false identities to engage in various encryption projects.

Later in September, the FBI issued a warning that North Korean hackers were targeting Crypto Asset companies and DeFi projects with malware disguised as job offers. Once users download the malware or click on malicious links, their Private Key is stolen.

Recently, in October, the Cosmos ecosystem has faced concerns about its Liquid Stake module, which is reportedly built by a North Korean developer.

Jacob Gadikian, a developer in the Cosmos ecosystem, said, "The builders of LSM are the most skilled and productive cryptocurrency thieves in the world." Threats of backdoors and other malicious code have prompted multiple security audits of the Cosmos Liquid Stake module.