- Researchers tricked North Korean hackers into running a fake job campaign
- They were tricked into using a sandbox they thought was a legitimate laptop
- This provides valuable insight into their tactics.
An investigation run by BCA Ltd founder Mauro Eldritch, in collaboration with Northscan and ANY.RUN, has observed the infamous Lazarus group in one of its best-known schemes – the ‘malicious interview’ campaign. Within this scheme, workers from the DPRK aim to trick legitimate recruiters into hiring them for high-profile companies – a position they can use to carry out nefarious activities.
Researchers from this intelligence-gathering operation were able to catch the hackers using what they thought were ‘real developer laptops’ – but were actually remote sandbox environments belonging to ANY.RUN.
In the most recently observed campaign, hackers recruited real engineers to act as frontmen for them, offering between 20% and 30% of salary in exchange for attending interviews and meetings.
Famous Chollima
By tricking the criminals who go by the name ‘Famous Chollima’ into using the sandbox, the researchers were able to reveal their tactics – and a limited but powerful set of tools that enable them to take over identities without deploying ransomware.
The criminals were found to be using browser-based OTP generators, AI automation tools and Google Remote Desktop to bypass 2FA and enable uniform control of the host.
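From a defender's side, the practical takeaway from the tool list above is that remote-desktop software appearing on a developer laptop that has no business need for it is a signal worth alerting on. The script below is an added example, not code from the article or from the researchers it describes: it scans constructed process-creation log lines for the Chrome Remote Desktop host process and reports any host that is not on an approved list. The log format and the host names are constructed for the example, and the Chrome Remote Desktop binary names are assumptions about that product that you should check against your own software inventory before using them as detection content.

```python
"""Flag remote-access tooling in process-creation events on developer hosts.

Added example (not from the article or the research it reports). The log
lines below are constructed; the binary names used to recognise the Chrome
Remote Desktop host are assumptions to be verified against a real inventory.
"""
from dataclasses import dataclass

# Assumed process names of the Chrome Remote Desktop host per platform.
WATCHED_PROCESSES = {
    "remoting_host.exe": "Chrome Remote Desktop host (Windows, assumed name)",
    "chrome-remote-desktop-host": "Chrome Remote Desktop host (Linux, assumed name)",
}


@dataclass
class Finding:
    host: str
    user: str
    process: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one constructed '|'-separated key=value event line."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(image: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def scan(lines, approved_hosts=frozenset()):
    """Return a Finding for every watched process on a non-approved host."""
    findings = []
    for line in lines:
        event = parse_event(line)
        name = basename(event.get("image", ""))
        if name in WATCHED_PROCESSES and event.get("host") not in approved_hosts:
            findings.append(
                Finding(
                    host=event.get("host", ""),
                    user=event.get("user", ""),
                    process=name,
                    reason=WATCHED_PROCESSES[name],
                )
            )
    return findings


# Constructed sample events: two developer laptops and one IT support host.
SAMPLE_LOG = [
    r"ts=2024-01-01T09:00:00Z|host=dev-lap-07|user=jdoe|image=C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_host.exe",
    r"ts=2024-01-01T09:01:00Z|host=dev-lap-07|user=jdoe|image=C:\Program Files\Git\bin\git.exe",
    r"ts=2024-01-01T09:02:00Z|host=dev-lap-12|user=asmith|image=/opt/google/chrome-remote-desktop/chrome-remote-desktop-host",
    r"ts=2024-01-01T09:03:00Z|host=it-support-01|user=svc-helpdesk|image=C:\Program Files (x86)\Google\Chrome Remote Desktop\remoting_host.exe",
]


if __name__ == "__main__":
    # IT support hosts are approved; the two developer laptops are not.
    for f in scan(SAMPLE_LOG, approved_hosts={"it-support-01"}):
        print(f"ALERT host={f.host} user={f.user} process={f.process}: {f.reason}")
```

The allowlist is the important design choice: an unconditional alert on the remote-desktop host fires on every legitimate helpdesk machine, so the rule carries an approved-host set and only the developer endpoints, where this software has no business purpose, produce findings.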
This is not particularly surprising, as we have seen plenty of different iterations of these attacks with evolving strategies and technological tools. The FBI recently released a statement warning of efforts by North Korean hackers:
“North Korean social engineering schemes are complex and compromised, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well-versed in cybersecurity practices may be vulnerable to North Korea’s determination to compromise networks associated with cryptocurrency assets.”
With this research, security teams gain a more detailed insight into how these criminal groups operate – and companies can be more confident in their defenses. It is important for companies to understand the common tools these organizations use because a compromise can lead to a much more significant infiltration.
Via: The Hacker News