North Korean hacking operation Sapphire Sleet, also known as BlueNoroff and APT38, has exfiltrated over $10 million worth of cryptocurrency through various social engineering campaigns in just half a year, according to The Hacker News.
Sapphire Sleet has deployed credential- and cryptocurrency-stealing malware through two lures, a Microsoft Threat Intelligence report showed: impersonating venture capitalists who invite targets to join an online meeting about a supposed investment, and using fraudulent LinkedIn accounts, purporting to be recruiters for Goldman Sachs and other financial entities, that send malicious skills assessments. Attackers also sought to establish the legitimacy of their fake LinkedIn and GitHub accounts through the exploitation of Faceswap and other threat intelligence tools, the report said. "In addition to using AI to assist with creating images used with job applications, North Korean IT workers are experimenting with other AI technologies such as voice-changing software," said Microsoft.