Author: Vince Quill, CoinTelegraph; Compiler: Deng Tong, Golden Finance
According to reports, hackers with ties to North Korea have expanded their social engineering scams to steal cryptocurrency by infiltrating "hundreds" of large multinational information technology companies.
According to an article in TechCrunch, researchers at the Cyberwarcon cybersecurity conference discovered two North Korean hacking groups named "Sapphire Sleet" and "Ruby Sleet."
Sapphire Sleet targets individuals through fraudulent employment schemes, posing as legitimate recruiters and luring unsuspecting victims into interviews or other employment opportunities. At some point during the interview, the hackers infect the user's computer with malware disguised as a PDF file or a malicious link.
Ruby Sleet successfully infiltrated aerospace and defense contractors in the United States, United Kingdom, and South Korea to steal military secrets.
In addition, the report also mentioned that North Korean IT employees used artificial intelligence, social media and voice-changing technology to create false identities to infiltrate companies and conduct recruitment scams.
Cryptocurrency thefts in November 2024. Source: Immunefi
North Korean hackers target crypto industry
Long before researchers at Cyberwarcon warned of North Korean hacking groups targeting information technology companies, hackers associated with the North Korean regime were using the same tactics to target cryptocurrency companies.
In August, on-chain sleuth ZachXBT claimed to have identified 21 developers, believed to be North Koreans, who were working on various crypto projects using false identities.
Then, in September, the FBI warned that North Korean hackers were targeting cryptocurrency companies and decentralized finance projects with malware disguised as job opportunities. Once a user downloads malware or clicks on a malicious link, their private keys can be stolen.
Most recently, in October, the Cosmos ecosystem faced concerns over its Liquid Staking Module (LSM), which was allegedly built by North Korean developers.
Jacob Gadikian, a developer on the Cosmos ecosystem, said: “The people who built LSM are some of the most skilled and prolific cryptocurrency thieves in the world.”
The threat of backdoors and other malicious lines of code prompted several security audits of the Cosmos Liquid Staking Module.