• North Korean 'fake worker' scheme caught live on camera

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 03, 2025 20:15:08

    Date:
    Wed, 03 Dec 2025 20:13:00 +0000

    Description:
    Researchers trapped Lazarus operators with sandbox environments

    FULL STORY
    ======================================================================
    Researchers tricked North Korean hackers running a fake job campaign. They were tricked into using a sandbox they thought was a legitimate laptop. This gives valuable insight into their tactics.

    An investigation run by BCA Ltd founder Mauro Eldritch, in partnership with Northscan and ANY.RUN, has observed the infamous Lazarus group in one of its most notorious schemes - the malicious interview campaign. Within this scheme, workers from the DPRK aim to trick legitimate recruiters into hiring them for high-profile companies - a position they can use to carry out malicious activities.

    Researchers from this intelligence gathering operation were able to trap the hackers with what the hackers believed were real developer laptops - but were actually remotely controlled sandbox environments belonging to ANY.RUN.

    During the most recently observed campaign, hackers recruited genuine engineers to act as front men for them, offering between 20% and 30% of the salary in return for them attending interviews and meetings.

    Famous Chollima

    By tricking the criminals, who go by the name Famous Chollima, into using the sandbox, researchers were able to expose their tactics - and a limited but powerful set of tools that enable them to take over identities without deploying ransomware.

    The criminals were found to be using browser-based OTP generators, AI automation tools, and Google Remote Desktop to bypass 2FA and enable consistent control of the host.

    This isn't particularly surprising, since we've seen plenty of different iterations of these attacks with evolving strategies and tech tools. The FBI recently released a statement warning of efforts from the North Korean hackers:

    "North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets."

    With this research, security teams gain a more detailed insight into the workings of these criminal groups - and companies can be more secure in their defenses. It's important for firms to understand the common tools these organizations use, because one compromise could lead to a much more significant infiltration.

    Via: The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-fake-worker-scheme-caught-live-on-camera


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)