Study found North Korea posing as IT workers to steal billion dollars

North Korea, known for stealing billions of dollars in cryptocurrency, has expanded its capabilities by posing as recruiters and IT workers in recent years.

North Korean hackers are now being posed as promising employee candidates for multinational companies in order to make money and steal company secrets.

Researchers at the Cyberwarcon cybersecurity conference found that North Korean hackers were impersonating remote workers for large companies, including IT employees and recruiters.

The research also revealed that two hacker groups named Sapphire Sleet and Ruby Sleet were doing their work for the North Korean regime by using the same scenario and being posed as potential workers.

Sapphire Sleet steals cryptocurrency from individuals and companies by impersonating them as recruiters or venture capitalists. In this case, they host a corrupt meeting to get the victim to download a tool that will fix the problem, but they actually just download malware. Thanks to this scenario, North Korea earned $10 million in just six months.

Ruby Sleet acts as an aerospace company targeting industry secrets; With these actions, it develops weapons and navigation systems.

Crypto industry lost $1.5 billion due to hackers

Leading bug bounty platform Immunefi shared that this year the crypto industry lost $1.48 billion due to several crypto hackers. There is $71 million in November 2024, with Thala and Dexx as the main victims.

Decentralized finance company Thala reported losing $26 million after its protocol liquidity was exploited. Thala froze $11.5 million in assets, including the protocol’s native THL token and Move Dollar (MOD).

Dexx and Polter Finance also faced hacker issues and lost approximately $21 million and $12 million respectively. DeltaPrime cases on November 11 were also among the major losses this month, with $5 million.