TZUTC: -0500   
   MSGID: 1106.consprcy@1:2320/105 2c875c58   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   These North Korean IT workers have been infiltrating Western businesses since   
   2016   
      
   Date:   
   Mon, 12 May 2025 13:29:00 +0000   
      
   Description:   
   The Nickel Tapestry threat has continued for almost ten years.   
      
   FULL STORY   
   ======================================================================   
    - North Korean hackers have been impersonating job applicants   
    - These applicants gain employment in western firms   
    - New research suggests these campaigns have been going on since 2016   
      
   North Korean hackers have been making the headlines recently by fraudulently   
   gaining employment in western firms. Research from Sophoss Counter Threat    
   Unit (CTU) has been tracking this as the Nickel Tapestry campaign,    
   identifying infrastructure links that suggest money-making schemes have been   
   operating since 2016.    
      
   The research shows that the campaign is increasingly targeting European and   
   Japanese organizations - probably thanks to increased awareness amongst   
   American companies. These fraudulent job applicants have been observed   
   impersonating Japanese, Vietnamese, and Singaporean professionals, as well as   
   American personas.    
      
   Previous research has shown that North Korean hackers are posing as software   
   development recruiters to target freelancers , spreading malware through the   
   recruitment scams and stealing cryptocurrency from victims.    
      
   Dual objectives   
      
   The salaries earned by the hackers seem to help fund the government interests   
   of the Democratic Peoples Republic of Korea - and record breaking crypto    
   scams have also successfully earned the Lazarus hacking group $1.5 billion .   
   Around $300 million of this was successfully converted by the group into   
   unrecoverable funds from this one incident alone, so these campaigns are   
   lucrative for the state.    
      
   Thats not all though, as the fraudulent workers have also been observed   
   stealing credentials and exfiltrating data, as well as deliberately gaining   
   employment in industries with sensitive data, like defense, aerospace, and   
   cybersecurity.    
      
   These roles allow the workers to use remote access software and AI generated   
   writing, CV building, image editing, and video enhancing tools to impersonate   
   legitimate workers and circumvent default systems.    
      
   Organizations are urged to remain vigilant and to check candidate identities   
   thoroughly, and review their CVs and addresses thoroughly, even suggesting   
   in-person interviews where possible.    
      
   As remote positions become increasingly popular, companies should monitor for   
   traditional insider threat activity, suspicious usage of legitimate tools,    
   and impossible travel alerts to detect activity often associated with   
   fraudulent workers Sophos confirms.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/these-north-korean-it-workers-have-been   
   -infiltrating-western-businesses-since-2016   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426