North Korean-linked hackers are pursuing the fake IT worker scheme with new tactics, according to security firm Nisos.
The firm is tracking a global network of IT workers posing as Vietnamese, Japanese and Singaporean nationals who are attempting to obtain employment in remote engineering and full-stack blockchain developer positions in Japan and the US.
In a March 4 report, it said it had identified six personas, two of whom appear to have gained employment and four of whom are seeking remote positions.
All are using GitHub to create new personas, or are reusing existing GitHub accounts and portfolio content from older personas to backstop their new ones.
North Korean IT Workers Fund Pyongyang’s Nuclear Programs
Nisos assessed that this network is likely part of the North Korean fake IT worker scheme based on a number of tactics, techniques and procedures (TTPs) that align with previously reported campaigns:
- Personas claim to have experience in three areas: developing web and mobile applications, knowledge of multiple programming languages and an understanding of blockchain technology
- Personas have accounts on employment and people information websites, IT industry-specific freelance contracting platforms, software development tools and platforms and common messaging applications, but they often lack social media accounts, suggesting that the personas are created solely for the purpose of acquiring employment
- Profile photos are digitally manipulated: the IT worker’s face is often pasted on top of a stock photo to show the individual working with colleagues
- Personas within the network use similar email addresses
- Email addresses often include the same numbers, such as 116, and the word “dev”
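The email and social-media indicators above can be turned into a first-pass screen over an applicant pool. The following is an added example, not code from Nisos or its report: the record fields, the sample applicants and the thresholds are all constructed assumptions, and a hit only marks a candidate for manual review.

```python
import re
from collections import defaultdict

# Constructed sample pool; field names are assumptions made for this example.
APPLICANTS = [
    {"name": "A. Nguyen", "email": "nguyen.dev116@example.com", "social_accounts": 0},
    {"name": "K. Tanaka", "email": "tanakadev116@example.net", "social_accounts": 0},
    {"name": "L. Tan", "email": "116.tan.dev@example.org", "social_accounts": 0},
    {"name": "M. Rossi", "email": "maria.rossi@example.com", "social_accounts": 3},
    {"name": "J. Smith", "email": "jsmith.dev@example.com", "social_accounts": 2},
    {"name": "P. Kumar", "email": "pkumar1990@example.com", "social_accounts": 1},
]

def email_features(email):
    """Return (set of digit runs, contains 'dev') for the local part of an address."""
    local = email.split("@", 1)[0].lower()
    # Substring match on 'dev' is deliberately loose; it will also hit names like 'devon'.
    return set(re.findall(r"\d{2,}", local)), "dev" in local

def screen(applicants, min_cluster=2):
    """Flag applicants whose address shares a digit run with other applicants
    and who show at least one further indicator from the list above."""
    by_digits = defaultdict(list)
    for a in applicants:
        for run in email_features(a["email"])[0]:
            by_digits[run].append(a["name"])

    findings = []
    for a in applicants:
        digits, has_dev = email_features(a["email"])
        shared = sorted(d for d in digits if len(by_digits[d]) >= min_cluster)
        reasons = []
        if shared:
            reasons.append("digit run shared across applicants: " + ",".join(shared))
        if has_dev:
            reasons.append("'dev' in address")
        if a["social_accounts"] == 0:
            reasons.append("no social media accounts found")
        # 'dev' or a birth year alone is common among real developers,
        # so the cross-applicant overlap is required before anything is flagged.
        if shared and len(reasons) >= 2:
            findings.append((a["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in screen(APPLICANTS):
        print(f"REVIEW {name}: " + "; ".join(reasons))
```
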
Nisos assessed that the network’s goal is to earn money to fund Pyongyang’s ballistic missile and nuclear weapons development programs.
These findings come several weeks after reports of North Korean hackers stealing GitHub profiles to create fake IT worker personas in a new malware campaign targeting freelance developers with deceptive job advertisements and malicious software disguised as legitimate tools.
The campaign, linked to a threat actor known as ‘DeceptiveDevelopment,’ uses fake websites, GitHub repositories and social engineering tactics to trick victims into downloading malware that can compromise their systems and steal sensitive information.
Nisos Threat Prevention Recommendations
The firm provided a list of recommendations for companies to avoid falling for this type of scheme.
These include:
- Ensuring candidates provide identification documentation in person to enable human resources teams to better identify falsified documentation
- Conducting a detailed review of the applicant’s online presence for consistency in name, appearance, work history and education before offering employment