TZUTC: -0500   
   MSGID: 369.consprcy@1:2320/105 2c303e7d   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   North Korean fake job hackers are going the extra mile to make sure their   
   scams seem legit   
      
   Date:   
   Thu, 06 Mar 2025 16:41:00 +0000   
      
   Description:   
   Security researchers claim to have found multiple fake personas from North   
   Korea, getting hired in the West.   
      
   FULL STORY   
   ======================================================================   
    - Nisos uncovers network of fake identities, all looking for software   
   development work   
    - At least two personas are working in small businesses   
    - The goal is to earn money for North Korea's weapons program   
      
   North Korean cybercriminals are faking their identities in order to get jobs   
   in software development companies in Asia and the West, new research has   
   claimed.    
      
   A report from researchers Nisos claims to have identified at least four fake   
   personas working as software developers, blockchain developers, IT pros, and   
   similar, with the goal, to earn cash to fund Pyongyangs ballistic missile and   
   nuclear weapons development programs."    
      
   To create these fake identities, the threat actors are using GitHub and   
   reusing matured GitHub accounts and portfolio content from older personas.   
   This helps them backstop their new identities, the researchers said. It also   
   helped two individuals get jobs at companies with fewer than 50 employees.   
      
   Lazarus?    
      
   While these identities have accounts on employment and people information   
   websites, they dont have social media accounts, which is always a red flag.   
   Furthermore, their profile photos are photoshopped and they have, in some   
   cases, obviously pasted a different face over a stock photo to show them   
   working in a team.    
      
   Finally, all personas in the network use similar email addresses, often   
   including the same numbers and the word dev.    
      
   While its difficult to know for certain, Nisos says there are several   
   indicators that the hackers are affiliated with the North Korean government,   
   including consistent tactics, techniques, and procedures (TTPs) attributed to   
   North Korean employment fraud actors.    
      
   In the past, there have been reports of Lazarus, a known North Korean   
   state-sponsored threat actor, hunting for software development jobs. Getting   
   hired helps them gain access to the companys back end, which they use to    
   steal sensitive data, or even money.    
      
   Lazarus was also observed creating fake companies and fake jobs, and   
   head-hunting software developers in major IT firms. During the hiring    
   process, they would drop malware onto their victims devices, with the same   
   goal of accessing their employers IT infrastructure.    
      
   The group usually targets blockchain-related businesses and has pulled off   
   some of the biggest crypto heists in history.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/north-korean-fake-job-hackers-are-going   
   -the-extra-mile-to-make-sure-their-scams-seem-legit   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426