TZUTC: -0500
MSGID: 1106.consprcy@1:2320/105 2c875c58
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
These North Korean IT workers have been infiltrating Western businesses since
2016

Date:
Mon, 12 May 2025 13:29:00 +0000

Description:
The Nickel Tapestry threat has continued for almost ten years.

FULL STORY
======================================================================
 - North Korean hackers have been impersonating job applicants
 - These applicants gain employment in western firms
 - New research suggests these campaigns have been going on since 2016

North Korean hackers have been making the headlines recently by fraudulently
gaining employment in western firms. Research from Sophoss Counter Threat 
Unit (CTU) has been tracking this as the Nickel Tapestry campaign, 
identifying infrastructure links that suggest money-making schemes have been
operating since 2016. 

The research shows that the campaign is increasingly targeting European and
Japanese organizations - probably thanks to increased awareness amongst
American companies. These fraudulent job applicants have been observed
impersonating Japanese, Vietnamese, and Singaporean professionals, as well as
American personas. 

Previous research has shown that North Korean hackers are posing as software
development recruiters to target freelancers , spreading malware through the
recruitment scams and stealing cryptocurrency from victims. 

Dual objectives

The salaries earned by the hackers seem to help fund the government interests
of the Democratic Peoples Republic of Korea - and record breaking crypto 
scams have also successfully earned the Lazarus hacking group $1.5 billion .
Around $300 million of this was successfully converted by the group into
unrecoverable funds from this one incident alone, so these campaigns are
lucrative for the state. 

Thats not all though, as the fraudulent workers have also been observed
stealing credentials and exfiltrating data, as well as deliberately gaining
employment in industries with sensitive data, like defense, aerospace, and
cybersecurity. 

These roles allow the workers to use remote access software and AI generated
writing, CV building, image editing, and video enhancing tools to impersonate
legitimate workers and circumvent default systems. 

Organizations are urged to remain vigilant and to check candidate identities
thoroughly, and review their CVs and addresses thoroughly, even suggesting
in-person interviews where possible. 

As remote positions become increasingly popular, companies should monitor for
traditional insider threat activity, suspicious usage of legitimate tools, 
and impossible travel alerts to detect activity often associated with
fraudulent workers Sophos confirms.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/these-north-korean-it-workers-have-been
-infiltrating-western-businesses-since-2016

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426