- North Korea computer pirates have been finishing employment applicants
- These applicants obtain employment in Western companies
- New research suggests that these campaigns have been happening since 2016
North Korea computer pirates have recently been in the holders by obtaining fraudulently employment in Western companies. The investigation of the Sophos threat unit (CTU) has been tracking this as the nickel tapestry campaign, identifying infrastructure links that suggest that money manufacturing schemes have been operating since 2016.
The research shows that the campaign is increasingly addressed to European and Japanese organizations, probably thanks to greater conscience among US companies. These fraudulent employment applicants have observed that Japanese, Vietnamese and Singapurenses are observed, as well as American people.
Previous investigations have shown that North Korean computer pirates are passed through software development recruiters to attack independent workers, spread malware through recruitment scams and steal the cryptocurrency of victims.
Dual objectives
Salaries won by computer pirates seem to help finance the interests of the Government of the Democratic Popular Republic of Korea, and records of record cryptography have also successfully earned the Piracy Group of Lázaro $ 1.5 billion. Around $ 300 million of this successfully became unrecoverable funds of this incident alone, so these campaigns are lucrative for the State.
However, that is not all, since fraudulent workers have also observed to steal credentials and exfiltrate data, as well as obtaining deliberately in industries with confidential data, such as defense, aerospace and cybersecurity.
These roles allow workers to use the remote access software and the writing generated by AI, the construction of CV, the edition of images and the video improvement tools to impersonate legitimate workers and avoid predetermined systems.
Organizations are urged to remain attentive and see the identities of the candidates thoroughly, and review their CV and thorough addresses, even suggesting interviews in person when possible.
As the remote positions become increasingly popular, companies should “monitor the traditional internal threat activity, the suspicious use of legitimate tools and impossible travel alerts to detect the activity often associated with fraudulent workers,” confirms Sofos.
