The North Korea-linked group called Sapphire Sleet is believed to have swiped over $10 million in cryptocurrency through some clever trickery on social media over half a year. Microsoft spilled the tea on this, saying these sneaky peeps have been using fake LinkedIn profiles to pretend they're job recruiters or people looking for jobs. They've been doing this to bring in money for their country, which can't get much of it because of sanctions.
Sapphire Sleet has been up to no good since at least 2020 and is kinda like two other hacker groups, APT38 and BlueNoroff. Last November, Microsoft caught them setting up fake websites that looked like real job skills testing sites to fool people into giving them access to their computers.
They chat up someone on LinkedIn, saying they're a big shot with money to invest in the person's company, and then set up a virtual meeting. But when the person tries to join the meeting, they get an error message telling them to contact some fake tech support. If the person bites and contacts them, they get sent a file that's actually a nasty trick to get malware on their computer.
The malware is like a key to the victim's digital wallet, and boom, the bad guys have all their cryptocurrency. They've been impersonating big companies like Goldman Sachs to make it all seem legit.
North Korea is known for sending thousands of techy folks out of the country to work, and it gets a triple payoff out of it. These workers can get money through their regular jobs, they might steal some fancy secrets, and they can grab data and hold it for ransom.
These North Korean IT peeps use middlemen to make fake accounts on sites like GitHub and LinkedIn because they can't just sign up like everyone else. They're also pretty handy with AI stuff like Faceswap, which helps them make believable pictures for their fake personas. They've made at least $370,000 just from this gig.
They're so organized with their money-making schemes, it's kind of impressive but also super sketchy. And now, they're playing around with voice-changing software to sound more legit. It's like they're turning into internet ninjas or something.