lazarusholic

How North Korea Leverages Software Developers for Cyber Espionage and Crypto Theft

2024-08-26, Zeroshadow
https://www.zeroshadow.io/post/how-north-korea-leverages-software-developers-for-cyber-espionage-and-crypto-theft
#DeltaPrime

Contents

What happened
The Democratic People's Republic of Korea (DPRK) has increasingly relied on cyber operations to generate revenue and gather intelligence. Whilst they are already synonymous with direct extortion of eye-watering amounts of digital funds (unofficial estimates of up to $4B USD aren’t uncommon) and with the phishing campaigns they spread far and wide, a particularly insidious tactic is emerging: infiltrating companies by placing their own operatives within software developer teams (simply referred to as Devs). Their objectives include siphoning funds by any means possible, including the salary they’re paid, and extracting intelligence. They even extend to nepotism, successfully referring other DPRK associates into contracts with the same protocol, thus increasing both the risk to the victim organization and the reward to North Korea's deposit accounts.
The increased use of developers has accelerated software delivery but also introduced new security vulnerabilities. DPRK likely recruits individuals with strong …

IoC

b721adfc3d9fe01e9b3332183665a503447b1d35