The IT workers related to the Democratic People’s Republic of Korea (DPRK) are now applying for remote jobs using LinkedIn accounts of other individuals. This attack tactic is unique.
According to the Security Alliance (SEAL) post on X, “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate.”
The IT worker scare has been haunting the industry for a long time. It originates from North Korea, the threat actors pose as remote workers to get jobs in Western organizations and other places using fake identities. The scam is infamous as Wagemole, PurpleDelta, and Jasper Sleet.
The end goal?
To make significant income to fund the country’s cyber espionage operations, weapons programs, and also conduct ransomware campaigns.
In January, cybersecurity firm Silent Push said that the DPRK remote worker program is a “high-volume revenue engine” for the country, allowing the hackers to gain administrative access to secret codebases and also get the perks of corporate infrastructure.
Once the threat actors get their salaries, DPRK IT workers send cryptocurrency via multiple money laundering techniques.
Chain-hopping and/or token swapping are two ways that IT professionals and their money laundering colleagues sever the connection between the source and destination of payments on the chain. To make money tracking more difficult, they use smart contracts like bridge protocols and decentralized exchanges.
What should individuals do?
To escape the threat, users who think their identities are being stolen in fake job applications should post a warning on their social media and also report on official communication platforms. SEAL advises to always “validate that accounts listed by candidates are controlled by the email they provide. Simple checks like asking them to connect with you on LinkedIn will verify their ownership and control of the account.”
The news comes after the Norwegian Police Security (PST) released an advisory, claiming to be aware of “several cases” in the last 12 months in which IT worker schemes have affected Norwegian companies.
PST reported last week that “businesses have been tricked into hiring what are likely North Korean IT workers in home office positions. The salary income North Korean employees receive through such positions probably goes to finance the country’s weapons and nuclear weapons program.”
Read the original article: