North Korean Hackers Target Thousands Of IP Addresses Through Fake Recruiters
- Jan 22
Hacking is often a highly technical process because it requires programming skills to get past security protocols and measures. But aside from evading security protocols, hackers also have to hide their identity to avoid getting in trouble with the law. They use any method they can find to hack into their target.
One of the methods hackers use to attack businesses and institutions is social engineering. Specifically, hackers try to persuade network engineers, coders, and others who work in the IT department to work for them through fake interviews and job offers.
According to Hacker News, a hacking campaign targeted 3,136 IP addresses, and 20 organizations were affected by these attacks.
The method: malicious individuals created LinkedIn profiles to message IT professionals. The message includes a job offer designed to attract IT professionals to apply.
But just like any application process, the IT professional has to pass a skill evaluation. These skill tests may seem harmless, but they contain malware that steals information, spies on users, gives remote access to sensitive files, and can take funds from crypto wallets.
Source of Attacks
Hacks stemming from social engineering through LinkedIn are believed to have come from a notorious North Korean state-sponsored group. This type of activity has been monitored since 2023 and has targeted various countries worldwide.
In this attack, North Korean hackers created fake LinkedIn profiles pretending to be from Ukraine. They posed as employees of a legitimate-looking company, using online tools to create fake profiles and communicate. Promising higher pay and a chance to help Ukraine, the attackers convince the IT professional to take a skill test. The attack starts when the IT professional opens the skill test on the company’s computer. This method scams the IT professional into giving hackers a backdoor to their company.
Pushing the IT Professional Into Opening the Backdoor
It might seem like the IT professional isn’t careful with security, since they ran code they were asked to run. However, job security and work stress often come into play, ultimately pushing the professional to go along with the fake recruiters' demands.
Palo Alto Networks, through its Unit 42 Threat Research Center, reported on a fake recruiter’s method of pressuring workers to open up their computers. An IT professional could safely demonstrate their coding skills on a virtual machine, but the recruiter insists the work be done on a real computer. Sometimes, the skills test doesn’t even have to be completed: the report indicates that the hacker just needs time for the code to work through the security systems for the hack to be complete.
Companies ensure their IT professionals make security a top priority. One compromised IT worker can cause millions in losses when they fall victim to a remote recruiting scam. The exact financial loss is hard to measure, but the impact could be long-term, since hackers have attacked many institutions, from banks to AI companies. Hackers will always find a way to scam and attack, but a security-conscious IT worker could easily prevent these problems.
