- Nisos discovers a network of false identities, all looking for software development work
- At least two of the personas are working at small businesses.
- The goal is to make money for the North Korean weapons program.
North Korean cybercriminals are faking their identities to obtain jobs at software development companies in Asia and the West, new research says.
A report by researchers at Nisos claims to have identified at least four false personas working as software developers, blockchain developers, IT professionals and similar, with the objective to “gain cash to finance the development programs of ballistic missiles and Pyongyang nuclear weapons.”
To create these false identities, the threat actors are using GitHub, reusing mature GitHub accounts and portfolio content from older personas. This helps them back up their new identities, the researchers said. It also helped two of the personas get work at companies with fewer than 50 employees.
Lazarus?
While these identities have accounts on employment and information websites, they do not have social media accounts, which is always a red flag. In addition, their profile photos are “Photoshopped” and, in some cases, a different face has obviously been pasted onto a stock photo to show them working in a team.
Finally, all personas in the network use similar email addresses, often including the same numbers and the word “DEV”.
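A screening sketch for the indicators above, added here as an example and not taken from the Nisos report: it groups applicant emails that share a digit run and the token "dev", then queues for manual review those that also list no social media. The applicant records, field names and `example.*` domains are constructed.

```python
import re
from collections import defaultdict

# Constructed sample applicant records (hypothetical, not from the report).
APPLICANTS = [
    {"name": "A. Tanaka", "email": "tanakadev0718@example.com", "social_links": []},
    {"name": "J. Huang", "email": "huang.dev0718@example.org", "social_links": []},
    {"name": "M. Sato", "email": "dev.sato0718@example.net", "social_links": []},
    {"name": "P. Rivera", "email": "p.rivera@example.com",
     "social_links": ["https://social.example/privera"]},
    # Contains "dev" only as part of a surname: must not be flagged on its own.
    {"name": "K. Devlin", "email": "kdevlin1987@example.com",
     "social_links": ["https://social.example/kdevlin"]},
]

def email_features(email):
    """Return (digit runs of length >= 2, whether 'dev' appears) for the local part."""
    local = email.split("@", 1)[0].lower()
    return set(re.findall(r"\d{2,}", local)), "dev" in local

def find_clusters(applicants, min_size=2):
    """Group applicants whose emails contain 'dev' and share the same digit run."""
    by_digits = defaultdict(set)
    for a in applicants:
        digits, has_dev = email_features(a["email"])
        if has_dev:
            for run in digits:
                by_digits[run].add(a["name"])
    return {run: sorted(names) for run, names in by_digits.items()
            if len(names) >= min_size}

def review_queue(applicants):
    """Names matching both signals: clustered email pattern and no social media."""
    clustered = {n for names in find_clusters(applicants).values() for n in names}
    return [a["name"] for a in applicants
            if a["name"] in clustered and not a["social_links"]]

if __name__ == "__main__":
    print("clusters:", find_clusters(APPLICANTS))
    print("manual review:", review_queue(APPLICANTS))
```

A match is a prompt for manual identity verification, not proof of fraud; a single signal such as "dev" in an address is common among legitimate developers.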
While it is difficult to know with certainty, Nisos says that there are “several indicators” that the hackers are affiliated with the North Korean government, including “consistent tactics, techniques and procedures (TTP) attributed to the actors of labor fraud of North Korea.”
In the past, there have been reports of Lazarus, a well-known threat actor sponsored by the North Korean state, looking for software development work. Being hired helps them access the company's backend, which they use to steal confidential data, or even money.
Lazarus was also observed creating fake companies and fake jobs, and headhunting software developers at IT companies. During the “hiring process”, they would drop malware on their victims’ devices, with the same objective of accessing their employer’s IT infrastructure.
The group usually targets blockchain-related companies and has pulled off some of the biggest heists in history.