North Korean threat operation NICKEL TAPESTRY has bolstered its cyberattacks involving fake IT workers against organizations in the U.S., UK, and Australia with the addition of extortion tactics, Hackread reports.
Attackers operating from laptop farms have used fraudulent identities to dupe Western firms' HR departments into hiring them for developer and other IT positions, a Secureworks Counter Threat Unit analysis revealed. After a successful hire, company laptops would be rerouted to those farms to facilitate stealthy remote access to the targeted firms' systems. While such intrusions commonly involved suspicious financial behaviors and IP address-masking techniques, one attacker who had been laid off due to dismal performance issued a six-figure ransom demand in exchange for the data stolen from the company.

"The emergence of ransom demands marks a notable departure from prior NICKEL TAPESTRY schemes. However, the activity observed prior to the extortion aligns with previous schemes involving North Korean workers," said Secureworks researchers.