216.73.217.139

North Korean remote workers landing jobs in the West

· Published 06/11/2024 11:06 · Modified 06/11/2024 11:34

Export JSON

Essential information

Published
06/11/2024 11:06
Modified
06/11/2024 11:34
Tags
2024-11-06 beavertail contagious interview cryptocurrency data theft invisibleferret job fraud remote work sanctions evasion social engineering wagemole
Related entities
56 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 malware, 17 others

Description

North Korean threat actors are utilizing and campaigns to secure remote employment in Western countries, evading financial sanctions. The campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devices across various operating systems. The campaign steals sensitive data, including source code and information. leverages stolen data to create fake identities, using generative AI to acquire and perform jobs. The actors aggressively target developers through social media and job platforms, focusing on web, , and AI roles. They use sophisticated techniques to bypass background checks and secure legitimate remote positions, particularly in small to mid-sized businesses.

External references