- Researchers tricked North Korean hackers running a fake-jobs campaign
- The hackers were lured into using a sandbox they believed was a legitimate developer laptop.
- This gives valuable insight into their tactics.
An investigation led by BCA Ltd founder Mauro Eldritch, in partnership with Northscan and ANY.RUN, observed the infamous Lazarus Group in one of its most notorious schemes: the “malicious interviews” campaign. As part of this scheme, DPRK workers aim to lure legitimate recruiters into hiring them at high-profile companies – a position they can use to carry out malicious activities.
Researchers in this intelligence-gathering operation managed to trap the hackers with what the hackers thought were “real developer laptops” – but which were actually remotely controlled sandbox environments owned by ANY.RUN.
In the most recently observed campaign, hackers recruited actual engineers to serve as their spokespersons, offering them between 20 and 30 percent of their salaries in exchange for participating in interviews and meetings.
Chollima celebrates
By tricking the criminals, known as “Famous Chollima,” into using the sandbox, researchers were able to expose their tactics and a limited but powerful set of tools that allow them to take over identities without deploying ransomware.
Criminals were found to be using browser-based OTP generators, AI automation tools, and Google Remote Desktop to bypass 2FA and maintain consistent control of the host.
This is not particularly surprising, since we have seen many different iterations of these attacks with evolving strategies and technology tools. The FBI recently released a statement warning of the efforts of North Korean hackers:
“North Korean social engineering plans are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those familiar with cybersecurity practices may be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.”
With this research, security teams gain more detailed insight into how these criminal groups operate – and businesses can strengthen their defenses. It is important for businesses to understand the common tools used by these organizations, as a single compromised account or device could lead to a much larger infiltration.
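As an added illustration of turning the tooling named above (Google Remote Desktop used for persistent host control) into a defensive check, the following example, which is not from the researchers' report, scans constructed process-creation events for the Chrome Remote Desktop host being installed or running and flags devices that have no approved reason for remote control. The binary name `remoting_host.exe`, the installer name `chromeremotedesktophost.msi`, the event fields and the approved-host list are assumptions for the sake of the example.

```python
import json
import re

# Constructed sample of endpoint process-creation events (JSON lines); not real telemetry.
SAMPLE_EVENTS = r"""
{"host": "dev-laptop-01", "user": "contractor1", "image": "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\130.0.1\\remoting_host.exe", "cmdline": "remoting_host.exe --type=host"}
{"host": "dev-laptop-01", "user": "contractor1", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "cmdline": "chrome.exe"}
{"host": "dev-laptop-02", "user": "alice", "image": "C:\\Windows\\System32\\msiexec.exe", "cmdline": "msiexec /i C:\\Users\\alice\\Downloads\\chromeremotedesktophost.msi /quiet"}
{"host": "it-support-07", "user": "helpdesk", "image": "C:\\Program Files (x86)\\Google\\Chrome Remote Desktop\\130.0.1\\remoting_host.exe", "cmdline": "remoting_host.exe --type=host"}
"""

# Indicators that the Chrome Remote Desktop host is running or being installed.
# Assumption: binary and installer names follow Google's standard installer layout.
INDICATORS = {
    "crd_host_running": re.compile(r"remoting_host\.exe", re.I),
    "crd_host_installing": re.compile(r"chromeremotedesktophost\.msi", re.I),
}

# Devices with an approved business reason for remote control (assumed allowlist).
APPROVED_REMOTE_CONTROL_HOSTS = {"it-support-07"}


def find_remote_control_events(log_text):
    """Return one finding per event whose image or command line matches an indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        haystack = event["image"] + " " + event["cmdline"]
        for name, pattern in INDICATORS.items():
            if pattern.search(haystack):
                findings.append({"host": event["host"], "user": event["user"], "indicator": name})
    return findings


def unapproved_hosts(findings, approved=APPROVED_REMOTE_CONTROL_HOSTS):
    """Sorted list of devices running or installing remote control without an exception."""
    return sorted({f["host"] for f in findings if f["host"] not in approved})


if __name__ == "__main__":
    found = find_remote_control_events(SAMPLE_EVENTS)
    for finding in found:
        print(finding)
    print("needs review:", unapproved_hosts(found))
```

A match on a newly assigned developer laptop is a review trigger, not proof of compromise; the point is that unexpected remote-control software on such devices is exactly the pattern described in the campaign above.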
Via: Hacker news