• North Korean fake job hac

    From Mike Powell@1:2320/105 to All on Friday, March 07, 2025 09:27:00
    North Korean fake job hackers are going the extra mile to make sure their
    scams seem legit

    Date:
    Thu, 06 Mar 2025 16:41:00 +0000

    Description:
    Security researchers claim to have found multiple fake personas from North Korea, getting hired in the West.

    FULL STORY ======================================================================
    - Nisos uncovers network of fake identities, all looking for software development work
    - At least two personas are working in small businesses
    - The goal is to earn money for North Korea's weapons program

    North Korean cybercriminals are faking their identities in order to get jobs
    in software development companies in Asia and the West, new research has claimed.

    A report from researchers Nisos claims to have identified at least four fake personas working as software developers, blockchain developers, IT pros, and similar, with the goal "to earn cash to fund Pyongyang's ballistic missile and nuclear weapons development programs."

    To create these fake identities, the threat actors are using GitHub and
    reusing matured GitHub accounts and portfolio content from older personas.
    This helps them backstop their new identities, the researchers said. It also helped two individuals get jobs at companies with fewer than 50 employees.

    Lazarus?

    While these identities have accounts on employment and people information websites, they don't have social media accounts, which is always a red flag. Furthermore, their profile photos are photoshopped and they have, in some cases, obviously pasted a different face over a stock photo to show them working in a team.

    Finally, all personas in the network use similar email addresses, often including the same numbers and the word "dev".

    While it's difficult to know for certain, Nisos says there are several indicators that the hackers are affiliated with the North Korean government, including consistent tactics, techniques, and procedures (TTPs) attributed to North Korean employment fraud actors.

    In the past, there have been reports of Lazarus, a known North Korean state-sponsored threat actor, hunting for software development jobs. Getting hired helps them gain access to the company's back end, which they use to
    steal sensitive data, or even money.

    Lazarus was also observed creating fake companies and fake jobs, and head-hunting software developers in major IT firms. During the hiring
    process, they would drop malware onto their victims' devices, with the same
    goal of accessing their employers' IT infrastructure.

    The group usually targets blockchain-related businesses and has pulled off
    some of the biggest crypto heists in history.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-fake-job-hackers-are-going-the-extra-mile-to-make-sure-their-scams-seem-legit

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Kurt Weiske@1:218/1 to Mike Powell on Saturday, March 08, 2025 09:38:02
    -=> Mike Powell wrote to All <=-

    > ======================================================================
    > - Nisos uncovers network of fake identities, all looking for software development work
    > - At least two personas are working in small businesses
    > - The goal is to earn money for North Korea's weapons program

    PRK just yoinked 1.4 billion $USD in crypto, why bother with small
    piddling amounts like salaries?


    --- MultiMail/Win v0.52
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/1)
  • From Mike Powell@1:2320/105 to KURT WEISKE on Sunday, March 09, 2025 09:29:00
    >> ======================================================================
    >> - Nisos uncovers network of fake identities, all looking for software development work
    >> - At least two personas are working in small businesses
    >> - The goal is to earn money for North Korea's weapons program

    > PRK just yoinked 1.4 billion $USD in crypto, why bother with small
    > piddling amounts like salaries?

    You wonder. There was a similar article within the past 6 weeks or so
    where, IIRC, they were getting jobs not for the salaries so much as to get someone "on the inside" who could get their hands on additional money
    and/or information that IT people would have access to.


    * SLMR 2.1a * ...and that is how we know the Earth is banana-shaped
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Kurt Weiske@1:218/1 to Mike Powell on Sunday, March 09, 2025 09:13:28
    -=> Mike Powell wrote to KURT WEISKE <=-

    > You wonder. There was a similar article within the past 6 weeks or so where, IIRC, they were getting jobs not for the salaries so much as to
    > get someone "on the inside" who could get their hands on additional
    > money and/or information that IT people would have access to.

    That's true. Get inside, get local admin on a box, pop it, and lateral
    movement is possible.


    --- MultiMail/Win v0.52
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/1)