How We Caught Lazarus's IT Workers Scheme Live on Camera
Editor’s note: This work is a collaboration between Mauro Eldritch from BCA LTD, a company dedicated to threat intelligence and hunting, Heiner García from NorthScan, a threat intelligence initiative uncovering North Korean IT worker infiltration, and ANY.RUN, the leading company in malware analysis and threat intelligence.
The article was written by Mauro and Heiner.
In this article, we’ll uncover an entire North Korean infiltration operation aimed at deploying remote IT workers across different companies in the American financial and crypto/Web3 sectors, with the objective of conducting corporate espionage and generating funding for the sanctioned regime. We attributed this effort to the state-sponsored APT (Advanced Persistent Threat) Lazarus, specifically the Famous Chollima division.
Key Takeaways
- North Korean operators are infiltrating companies by posing as remote IT workers and using stolen or rented identities.
- Famous Chollima relies on social engineering rather than advanced malware: convincing stories, pressure, and identity fraud drive the operation.
- Recruitment is wide-scale, …
IoC
http://aaronzeeshan.slack.com
http://aaronsfazzy.slack.com
https://github.com/ghost
https://github.com/swiftcode1121
http://gmail.com
https://github.com/neymafullstack
https://calendly.com/7codewizard/30min
https://us.bold.pro/my/jaron-gaston-241007104612
https://t.me/peregrine423f
https://www.linkedin.com/in/jackson-kidd-1680b2339/
https://jackson-portfolio.vercel.app
https://github.com/7codewizard
http://otp.ee
http://Authenticator.cc
194.33.45.162
[email protected]
[email protected]
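The list above mixes three indicator types (bare IPs, bare hosts such as the Slack workspaces and the OTP services, and profile URLs where only the path identifies the persona), and the extracted copy also carries doubled-scheme artifacts ("http://https://..."). The following script is an added example, not the authors' or ANY.RUN's tooling: it normalises a subset of the page's indicators into canonical IP, host and URL sets, then sweeps log lines for matches. Host indicators match subdomains as well; URL indicators match on the host plus path prefix, so a GitHub handle hits any repository under it without turning all of github.com into an indicator. The log lines and their key=value layout are constructed for illustration and are not real telemetry.

```python
"""Normalise the article's IoCs and sweep sample logs for hits (added example)."""
from __future__ import annotations
import re
from urllib.parse import urlparse

# Subset of the indicators listed above, copied as they appear on the page,
# including the doubled-scheme extraction artifact the normaliser must strip.
IOC_RAW = [
    "http://aaronzeeshan.slack.com",
    "http://aaronsfazzy.slack.com",
    "http://https://github.com/ghost",
    "https://github.com/swiftcode1121",
    "https://github.com/neymafullstack",
    "http://https://calendly.com/7codewizard/30min",
    "https://us.bold.pro/my/jaron-gaston-241007104612",
    "https://t.me/peregrine423f",
    "https://www.linkedin.com/in/jackson-kidd-1680b2339/",
    "https://jackson-portfolio.vercel.app",
    "https://github.com/7codewizard",
    "http://otp.ee",
    "http://Authenticator.cc",
    "194.33.45.162",
]

# Constructed sample log lines (assumed key=value layout; not real telemetry).
SAMPLE_LOGS = [
    "2025-01-09T10:02:11Z dns client=10.0.4.21 query=aaronsfazzy.slack.com type=A",
    "2025-01-09T10:03:40Z proxy src=10.0.4.21 url=https://github.com/swiftcode1121/hr-tool.git status=200",
    "2025-01-09T10:05:02Z fw src=10.0.4.21 dst=194.33.45.162 dport=443 action=allow",
    "2025-01-09T10:06:15Z proxy src=10.0.4.33 url=https://github.com/ghost/ status=200",
    "2025-01-09T10:07:55Z dns client=10.0.4.33 query=www.linkedin.com type=A",  # benign: host alone is not an IoC
    "2025-01-09T10:09:00Z proxy src=10.0.4.33 url=https://calendly.com/7codewizard/30min status=200",
]

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
KV = re.compile(r"(\w+)=(\S+)")


def normalize_ioc(raw: str) -> tuple[str, str]:
    """Return (kind, value), kind in {"ip", "host", "url"}, in canonical form."""
    s = raw.strip()
    while s.startswith("http://http"):  # "http://https://x" -> "https://x"
        s = s[len("http://"):]
    if IPV4.match(s):
        return ("ip", s)
    if "://" not in s:
        s = "https://" + s
    p = urlparse(s)
    host, path = p.netloc.lower(), p.path.rstrip("/")
    return ("url", host + path) if path else ("host", host)


def build_indicators(raw_list=IOC_RAW) -> dict[str, set[str]]:
    """Deduplicate the raw list into per-kind sets of canonical indicators."""
    out: dict[str, set[str]] = {"ip": set(), "host": set(), "url": set()}
    for r in raw_list:
        kind, value = normalize_ioc(r)
        out[kind].add(value)
    return out


def host_matches(host: str, hosts: set[str]):
    """Exact host match or any subdomain of an indicator host."""
    host = host.lower().rstrip(".")
    return next((i for i in hosts if host == i or host.endswith("." + i)), None)


def url_matches(url: str, urls: set[str]):
    """Match on host + path, at a path boundary (handle/, not handle-ish)."""
    p = urlparse(url if "://" in url else "https://" + url)
    cand = p.netloc.lower() + p.path.rstrip("/")
    return next((i for i in urls if cand == i or cand.startswith(i + "/")), None)


def scan_logs(lines, indicators=None) -> list[tuple[str, str, str]]:
    """Return (kind, matched_indicator, line) for every log line that hits."""
    ind = indicators or build_indicators()
    hits = []
    for line in lines:
        f = dict(KV.findall(line))
        if "query" in f and (m := host_matches(f["query"], ind["host"])):
            hits.append(("host", m, line))
        if "dst" in f and f["dst"] in ind["ip"]:
            hits.append(("ip", f["dst"], line))
        if "url" in f:
            if m := url_matches(f["url"], ind["url"]):
                hits.append(("url", m, line))
            if m := host_matches(urlparse(f["url"]).netloc, ind["host"]):
                hits.append(("host", m, line))
    return hits


if __name__ == "__main__":
    for kind, ioc, line in scan_logs(SAMPLE_LOGS):
        print(f"[{kind}] {ioc}: {line}")
```

Feed real proxy, DNS and firewall exports into `scan_logs` after adapting the key names; the deliberate split between host and URL indicators is what keeps a hit on `github.com/ghost` from flagging every GitHub request in the environment.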