North Korean hackers posing as IT workers steal over $1B in cyberattack

Written on Nov 29, 2024
  • North Korea earned $10 million in six months through Sapphire Sleet's cryptocurrency schemes.
  • November saw $71 million in crypto losses, with Thala, Dexx, and Polter Finance as key targets.
  • Immunefi reports 2024 as one of the worst years for crypto hacks, with $1.48 billion lost.

North Korean hackers are escalating their operations, posing as candidates for remote positions at multinational companies.

These hackers are leveraging their disguises to steal trade secrets and siphon cryptocurrency funds, contributing significantly to the regime’s coffers.

Researchers at the Cyberwarcon cybersecurity conference identified two North Korean hacker groups, Sapphire Sleet and Ruby Sleet, as key players in these schemes.

Their methods range from impersonating recruiters to masquerading as employees in industries such as aerospace.

This strategy has already reaped millions for the North Korean government while dealing heavy blows to corporate and crypto industries worldwide.

Sapphire Sleet and Ruby Sleet

Sapphire Sleet has emerged as a major threat by targeting cryptocurrency companies and investors.

The group pretends to be recruiters or venture capitalists, setting up virtual meetings to lure victims into downloading malware disguised as a troubleshooting tool.

These malicious downloads give hackers access to sensitive data and digital assets.

Within just six months, Sapphire Sleet’s operations have generated $10 million for the North Korean regime.

The stolen funds are believed to support the country’s weapons development and bypass economic sanctions imposed by the international community.

Ruby Sleet takes a more targeted approach, focusing on the theft of trade secrets in the aerospace industry.

The group poses as employees of aerospace companies, infiltrating systems to gain access to proprietary information about weapons development and navigation technologies.

These activities aim to bolster North Korea’s military capabilities, underscoring the regime’s reliance on cybercrime to advance its strategic objectives.

The crypto sector loses $1.48B in 2024

The cryptocurrency industry has faced devastating losses, with hackers stealing $1.48 billion in 2024 alone, according to Immunefi, a leading bug bounty platform.

This figure includes high-profile breaches in November, where hackers looted $71 million across multiple platforms.

Decentralized finance (DeFi) firms have been especially vulnerable. Thala, a DeFi protocol, reported a $26 million loss after attackers exploited its liquidity protocol.

Despite freezing $11.5 million in assets, including its native THL token and Move Dollar (MOD), the firm continues to grapple with the aftermath of the breach.

Important Announcement On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. We immediately paused all relevant…

Other notable victims include Dexx and Polter Finance, which lost $21 million and $12 million, respectively, in separate attacks.

These breaches have raised concerns about the robustness of DeFi security measures and highlighted the need for more stringent safeguards to protect assets.

DeltaPrime, another DeFi platform, reported a $4.75 million loss on November 11, further underscoring the vulnerability of the sector.

Growing cybersecurity concerns for global businesses

The findings from Cyberwarcon highlight the growing sophistication of cyber threats.

By posing as legitimate employees, North Korean hackers exploit the increasing reliance on remote work, which has expanded significantly since the COVID-19 pandemic.

This strategy allows them to bypass traditional security measures, gaining access to sensitive data and critical systems.

Multinational corporations across industries are at risk, with IT firms, aerospace companies, and cryptocurrency platforms being prime targets.

The dual threat of financial loss and compromised intellectual property has heightened the urgency for organizations to adopt advanced cybersecurity measures and thoroughly vet remote candidates.

Strengthening defences against cyberattacks

The crypto industry and other targeted sectors must implement stricter protocols to mitigate risks.

Multi-factor authentication, zero-trust frameworks, and enhanced vetting processes for remote workers are some of the measures that could bolster defenses.

Collaboration with cybersecurity firms to identify vulnerabilities and respond to breaches swiftly can help minimize damage.

As hackers become more sophisticated, the stakes for global businesses and the crypto industry continue to rise.

Protecting assets and trade secrets requires a proactive approach to cybersecurity, with continuous monitoring and improvement of defenses to stay ahead of evolving threats.
