In a shocking revelation, North Korea-linked threat group Sapphire Sleet has reportedly stolen over $10 million worth of cryptocurrency through sophisticated social engineering campaigns. These attacks have been orchestrated over a six-month period, with a heavy reliance on AI-driven scams to target unsuspecting victims on LinkedIn. 🔐💻
According to Microsoft, multiple threat activity clusters associated with North Korea have been leveraging fake LinkedIn profiles — posing as both recruiters and job seekers — to carry out cryptocurrency theft. Sapphire Sleet, which has been active since at least 2020, is also connected to APT38 and BlueNoroff, known cyber threat groups with ties to the regime.
🔍 How Sapphire Sleet Targets Victims:
Fake Profiles on LinkedIn: Hackers create convincing LinkedIn profiles by impersonating recruiters for top financial firms like Goldman Sachs.
Social Engineering Tactics: They lure victims into fake job opportunities, claiming interest in their company’s work and setting up online meetings.
Malware Delivery: Once the victim tries to connect to the supposed meeting, they’re prompted to contact a support team. If they fall for this, they’re sent a malicious file (AppleScript or Visual Basic Script) that downloads malware onto their system, enabling the attackers to steal credentials and cryptocurrency. 🖥️💥
The group also uses AI-powered tools like Faceswap to alter stolen photos and documents, crafting fake resumes and profiles that are more likely to be accepted by recruiters. AI also assists in creating realistic voices for fake video calls, helping these scammers carry out their deceptive schemes with precision. 🧠🔊
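The malware delivery step above ends with the victim running an AppleScript or Visual Basic Script file. As an added example (not from the article or from Microsoft's reporting), this Python triage flags process-creation events where a script host runs such a file from a user download location. The event fields (`host`, `image`, `cmdline`), the directory list and the sample events are assumptions constructed for illustration.

```python
import shlex

# Script hosts that execute the two file types named in the article.
SCRIPT_HOSTS = {
    "osascript": (".scpt", ".applescript"),   # macOS AppleScript runner
    "wscript.exe": (".vbs", ".vbe"),          # Windows Script Host (GUI)
    "cscript.exe": (".vbs", ".vbe"),          # Windows Script Host (console)
}
# Assumed user-writable locations where a file sent over chat or browser lands.
DELIVERY_DIRS = ("/downloads/", "/desktop/", "/tmp/", "/appdata/local/temp/")

# Constructed sample process-creation events (hypothetical schema and values).
SAMPLE_EVENTS = [
    {"host": "mac-017", "image": "/usr/bin/osascript",
     "cmdline": 'osascript "/Users/dana/Downloads/Meeting Support Fix.scpt"'},
    {"host": "win-203", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\lee\Downloads\support_tool.vbs"'},
    {"host": "win-204", "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r'cscript.exe "C:\Program Files\Vendor\inventory.vbs"'},
    {"host": "mac-018", "image": "/usr/bin/osascript",
     "cmdline": "osascript /Library/Scripts/backup.scpt"},
    {"host": "mac-019", "image": "/usr/bin/python3",
     "cmdline": "python3 /Users/sam/Downloads/report.py"},
]

def _tokens(cmdline):
    """Lower-case, normalise path separators, and split while honouring quotes."""
    norm = cmdline.lower().replace("\\", "/")
    try:
        return shlex.split(norm)
    except ValueError:            # unbalanced quote: fall back to whitespace split
        return norm.split()

def flag_script_delivery(events):
    """Return (host, script_path) for script-host runs of files in delivery dirs."""
    findings = []
    for ev in events:
        image = ev["image"].lower().replace("\\", "/").rsplit("/", 1)[-1]
        exts = SCRIPT_HOSTS.get(image)
        if exts is None:          # not a script host we track
            continue
        for tok in _tokens(ev["cmdline"])[1:]:   # skip argv[0]
            if tok.endswith(exts) and any(d in tok for d in DELIVERY_DIRS):
                findings.append((ev["host"], tok))
    return findings

if __name__ == "__main__":
    print(flag_script_delivery(SAMPLE_EVENTS))
```

Scripts run from managed locations (the third and fourth events) are not flagged, which keeps the rule focused on files that arrived through a browser or chat client.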
💡 Additional Insights from Microsoft:
North Korean IT Workers: These workers are strategically dispatched abroad, generating income for the regime and enabling access to intellectual property and ransom schemes.
Freelance Job Scams: They use facilitators to sign up for platforms like GitHub and LinkedIn, where they create fake profiles to apply for remote jobs.
Financial Success: Despite their illegal methods, these North Korean IT workers have reportedly earned over $370,000 from their scam operations. 💵
🚨 Key Takeaways for LinkedIn Users:
Be cautious of unsolicited job offers or invitations from unknown profiles, especially if they ask you to complete skills assessments or download files.
Ensure your LinkedIn profile is private and that you verify the authenticity of any potential recruiters before clicking on links or sharing personal information. 🔒
In a world increasingly dominated by AI and cryptocurrency, cybercriminals like Sapphire Sleet are evolving their tactics, making it more critical than ever to stay cybersecure and aware of these threats.
Stay vigilant and always Verify Before You Trust! 💻✅