NICKEL TAPESTRY expands fraudulent worker operations
Contents
With this post, the X-Ops blog is thrilled to present research from our Sophos siblings newly joining us from Secureworks, of which CTU (the Counter Threat Unit™) is a crucial part.
North Korean IT workers remain a critical insider threat
Counter Threat Unit™ (CTU) researchers continue to investigate the NICKEL TAPESTRY threat group’s scheme involving fraudulent workers operating on behalf of North Korea (formally known as the Democratic People’s Republic of Korea).
The origins of this campaign, publicly tracked as Wagemole, have been traced back to 2018, although infrastructure links suggest that NICKEL TAPESTRY has been conducting money-making schemes since at least 2016. There has been an increase in targeting of European and Japanese organizations in this campaign, likely as a result of increased awareness among U.S.-based organizations and actions taken to combat the threat. Fraudulent applicants applying to positions based in Japan and the U.S. have impersonated Vietnamese, Japanese, and Singaporean professionals, …
North Korean IT workers remain a critical insider threat
Counter Threat Unit™ (CTU) researchers continue to investigate the NICKEL TAPESTRY threat group’s scheme involving fraudulent workers operating on behalf of North Korea (formally known as the Democratic People’s Republic of Korea).
The origins of this campaign, publicly tracked as Wagemole, have been traced back to 2018, although infrastructure links suggest that NICKEL TAPESTRY has been conducting money-making schemes since at least 2016. There has been an increase in targeting of European and Japanese organizations in this campaign, likely as a result of increased awareness among U.S.-based organizations and actions taken to combat the threat. Fraudulent applicants applying to positions based in Japan and the U.S. have impersonated Vietnamese, Japanese, and Singaporean professionals, …