North Korean cybercriminals target job seekers with fake skills assessments
Threat actors contacted victims through platforms like LinkedIn before luring them to malicious websites, Microsoft says
North Korean cybercriminals lured IT job seekers to take fake skills assessment tests on malicious websites in a new social engineering campaign, according to Microsoft researchers, in what one expert called a likely attempt to extort victims.
The unit under the DPRK’s Lazarus Group, which Microsoft tracks as Sapphire Sleet, set up the “skills assessment portals” to lure targets from legitimate platforms like LinkedIn, Microsoft Threat Intelligence wrote in a recent series of social media posts.
After establishing contact with a victim, the cybercriminals use “lures related to skills assessment” to move communications with
- 01How North Korean support for Russia and Hamas compels Seoul to pivot West
- 02State media review: North Korea to hold major political meeting to wrap up year
- 03From QR codes to the blockchain: Inside North Korea’s digital payment plans
- 04Kim Jong Un reviews old satellite imagery despite North Korea’s new eyes in sky
- 05Eyes above: How a new ROK satellite will help monitor North Korea’s every move
- 06Timeline: From North Korea’s satellite launch to scrapping 2018 military deal
- 07North Korea’s post-reform elections looked a lot like those that came before
- 08State media review: North Korea faults ‘puppets’ for collapse of military deal