
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,022 of 2,445   
   Mike Powell to All   
   North Korean fake worker   
   04 Dec 25 10:25:14   
   
   TZUTC: -0500   
   MSGID: 1779.consprcy@1:2320/105 2d96e4cd   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   North Korean 'fake worker' scheme caught live on camera   
      
   Date:   
   Wed, 03 Dec 2025 20:13:00 +0000   
      
   Description:   
   Researchers trapped Lazarus operators with sandbox environments   
      
   FULL STORY   
      
   An investigation run by BCA Ltd founder, Mauro Eldritch, in partnership with   
   Northscan and ANY.RUN has observed the infamous Lazarus group in one of its   
   most notorious schemes - the malicious interview campaign. Within this    
   scheme, workers from the DPRK aim to trick legitimate recruiters into hiring   
   them for high-profile companies - a position they can use to carry out   
   malicious activities.    
      
   Researchers from this intelligence gathering operation were able to trap the   
   hackers with what hackers believed were real developer laptops - but were   
   actually remotely controlled sandbox environments belonging to ANY.RUN.    
      
   During the most recently observed campaign, hackers recruited genuine   
   engineers to act as a front man for them, offering between 20% and 30% of the   
   salary in return for them attending interviews and meetings.    
      
   Famous Chollima   
      
   By tricking the criminals, who go by the name Famous Chollima, into using the   
   sandbox, researchers were able to expose their tactics - and a limited but   
   powerful set of tools that enable them to take over identities without   
   deploying ransomware.    
      
   The criminals were found to be using browser-based OTP generators, AI
   automation tools, and Google Remote Desktop to bypass 2FA and enable
   consistent control of the host.
      
   This isn't particularly surprising, since we've seen plenty of different
   iterations of these attacks with evolving strategies and tech tools. The FBI
   recently released a statement warning of efforts from the North Korean
   hackers:
      
   North Korean social engineering schemes are complex and elaborate, often   
   compromising victims with sophisticated technical acumen. Given the scale and   
   persistence of this malicious activity, even those well versed in   
   cybersecurity practices can be vulnerable to North Korea's determination to   
   compromise networks connected to cryptocurrency assets.    
      
   With this research, security teams gain a more detailed insight into the   
   workings of these criminal groups - and companies can be more secure in their   
   defenses. It's important for firms to understand the common tools these
   organizations use, because one compromise could lead to a much more   
   significant infiltration.    
      
    Via: The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/north-korean-fake-worker-scheme-caught-live-on-camera
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      
