U.S. departments warn of highly capable North Korean hackers
19 May 2022
The U.S. has released a statement warning that highly skilled North Korean developers and hackers are posing as freelancers on the Internet to hack their targets. Several agencies have warned of this phenomenon.
The U.S. State Department, Treasury Department, and FBI jointly released the statement. These threat actors target financial, healthcare, social media, sports, entertainment, and lifestyle companies based primarily in North America, Europe, and East Asia.
The North Korean government withholds 90% of the salary that workers earn abroad, so it can take in large amounts of money from citizens who work as freelancers for Western companies in order to avoid the sanctions.
They are said to abuse access obtained as contractors and support state-sponsored North Korean groups, access virtual infrastructure, sell the stolen data, and engage in money laundering and virtual currency transfers. The following were described as general anomalies in their behavior:
Multiple logins to an account from different IP addresses in a short period of time.
Logging into multiple accounts on the same platform from one IP address.
Continuous logins to accounts for one or more days at a time.
Use of ports such as 3389 associated with remote desktop sharing software.
Use of fraudulent client accounts on freelance work platforms in order to increase valuations of developer accounts.
Multiple developer accounts receiving high ratings from one client account in a short period of time.
Frequent money transfers via payment platforms to China-based bank accounts.
Seeking payments in virtual currency.
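The first two anomalies in the list lend themselves to a simple check over platform login records. The following is an added example, not part of the statement or the original article; the event format, the 30-minute window and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, account, source IP).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    ("2022-05-19T08:00:00", "dev_a", "192.0.2.10"),
    ("2022-05-19T08:05:00", "dev_a", "198.51.100.7"),
    ("2022-05-19T08:09:00", "dev_a", "203.0.113.44"),
    ("2022-05-19T09:00:00", "dev_b", "192.0.2.50"),
    ("2022-05-19T09:02:00", "dev_c", "192.0.2.50"),
    ("2022-05-19T09:04:00", "dev_d", "192.0.2.50"),
    ("2022-05-19T12:00:00", "dev_e", "192.0.2.99"),
    ("2022-05-20T12:00:00", "dev_e", "198.51.100.99"),  # a day later: not "short period"
]

def _fan_out(events, key_idx, val_idx, window, threshold):
    """Keys that see >= threshold distinct values inside any sliding window."""
    by_key = defaultdict(list)
    for row in events:
        by_key[row[key_idx]].append((datetime.fromisoformat(row[0]), row[val_idx]))
    flagged = {}
    for key, seen in by_key.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Shrink the window from the left until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = {value for _, value in seen[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[key] = sorted(distinct)
                break
    return flagged

def accounts_with_many_ips(events, window=timedelta(minutes=30), threshold=3):
    """Anomaly 1: one account logged in from several IPs in a short period."""
    return _fan_out(events, 1, 2, window, threshold)

def ips_with_many_accounts(events, window=timedelta(minutes=30), threshold=3):
    """Anomaly 2: several accounts logged in from one IP address."""
    return _fan_out(events, 2, 1, window, threshold)

if __name__ == "__main__":
    print("accounts:", accounts_with_many_ips(EVENTS))
    print("ips:", ips_with_many_accounts(EVENTS))
```

Shared egress points such as corporate NAT or VPN gateways will also trip the second check, so hits are leads for review rather than verdicts.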
The statement comes weeks after the US government announced a $5 million reward for anyone with information about the break-in that led to the theft of $540 million from Axie Infinity, the famous NFT game.