- Researchers tricked North Korean hackers running fake job campaign
- They were tricked into using a sandbox that they thought was a legitimate laptop.
- This provides valuable information about their tactics.
An investigation by BCA Ltd founder Mauro Eldritch, in association with Northscan and ANY.RUN, has looked at the infamous Lazarus group in one of its most notorious schemes: the “malicious interviewing” campaign. Within this scheme, DPRK workers aim to trick legitimate recruiters into hiring them at high-profile companies, a position they can use to carry out malicious activities.
Investigators in this intelligence-gathering operation caught the hackers using what the hackers believed were “real developer laptops,” but which were actually remotely controlled sandbox environments belonging to ANY.RUN.
During the most recently observed campaign, the hackers recruited genuine engineers to act as front men, offering them 20% to 30% of the salary in exchange for attending interviews and meetings.
Famous Chollima
By tricking the criminals, who call themselves ‘Famous Chollima’, into using the sandbox, researchers were able to expose their tactics and a limited but powerful set of tools that allow them to assume identities without deploying ransomware.
It was discovered that the criminals were using browser-based OTP generators, AI automation tools, and Google Remote Desktop to bypass 2FA and maintain consistent control of the host.
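The practical defensive takeaway from the tooling above is that a company-issued developer laptop should not be running a remote-desktop host that hands control to someone other than the person who was hired. The following is an added example, not code from the article, BCA Ltd, Northscan or ANY.RUN: it scans a constructed process inventory for remote-access host processes and flags machines where that tooling is not sanctioned. The process names in the indicator list and the host names are assumptions made for the example.

```python
"""Flag endpoints whose process inventory shows an unsanctioned remote-access host.

Added example with constructed data. The indicator names below are assumed
process names for a Chrome Remote Desktop host (the article's "Google Remote
Desktop"); they are not taken from the article and should be validated against
your own telemetry before use.
"""
from dataclasses import dataclass

# Assumed indicators: process names a remote-desktop host leaves in an inventory.
REMOTE_ACCESS_INDICATORS = {
    "remoting_host.exe": "Chrome Remote Desktop host on Windows (assumed name)",
    "remoting_host": "Chrome Remote Desktop host on Linux (assumed name)",
}

# Constructed allow-list: hosts where remote-access tooling is permitted by policy.
SANCTIONED_HOSTS = {"it-admin-01"}


@dataclass
class Finding:
    host: str
    user: str
    indicator: str
    reason: str


def parse_inventory(lines):
    """Parse constructed 'host | user | process | parent' lines into records."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the header comment
        host, user, process, parent = (field.strip() for field in line.split("|"))
        records.append({"host": host, "user": user, "process": process, "parent": parent})
    return records


def find_unsanctioned_remote_access(records):
    """Return one Finding per remote-access host process on a non-sanctioned host."""
    findings = []
    for rec in records:
        proc = rec["process"].lower()
        if proc in REMOTE_ACCESS_INDICATORS and rec["host"] not in SANCTIONED_HOSTS:
            findings.append(Finding(rec["host"], rec["user"], proc,
                                    REMOTE_ACCESS_INDICATORS[proc]))
    return findings


# Constructed sample inventory, not real telemetry.
SAMPLE_INVENTORY = """\
# host | user | process | parent
dev-laptop-17 | jdoe     | remoting_host.exe | services.exe
dev-laptop-17 | jdoe     | code.exe          | explorer.exe
it-admin-01   | helpdesk | remoting_host.exe | services.exe
dev-laptop-22 | asmith   | chrome.exe        | explorer.exe
""".splitlines()


def run():
    """Run the check over the constructed sample and return the findings."""
    return find_unsanctioned_remote_access(parse_inventory(SAMPLE_INVENTORY))


if __name__ == "__main__":
    for f in run():
        print(f"{f.host}: user {f.user} is running {f.indicator} ({f.reason})")
```

On the sample, only dev-laptop-17 is flagged: it-admin-01 runs the same process but is on the allow-list. In a real deployment the inventory would come from the EDR or asset-management export, and the indicator list would be extended to whatever remote-access products the organisation has seen.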
This is not particularly surprising, as we have seen many different iterations of these attacks with evolving strategies and technological tools. The FBI recently released a statement warning of the efforts of North Korean hackers.
“North Korea’s social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices may be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
With this investigation, security teams gain a more detailed view of the functioning of these criminal groups and companies can be more confident in their defenses. It is important for companies to understand the common tools these organizations use, because a compromise could lead to a much more significant infiltration.
Via: The Hacker News