Microsoft is warning of a new cyber threat targeting individuals through job offers
November 14, 2023

The so-called BlueNoroff campaign, which is actually the brainchild of North Korea's Lazarus hacking group, targets individuals who are looking for work through online platforms such as LinkedIn. Microsoft warns that the hackers steal sensitive information from individuals online by inviting them to test their skills on fake assessment platforms before they apply for a job.

BlueNoroff sets up portals and platforms that claim to assess individuals' skills, then uses them to steal sensitive data for use in the cryptocurrency industry. The operation behind these fake tools is called Sapphire Sleet, and it usually makes contact with individuals through platforms such as LinkedIn. Once the hackers have established communication, they shift the threat to other platforms, increasing the risk for a larger number of victims.

The Lazarus Group as a whole has a notorious history of targeting cryptocurrency industry professionals through misleading job postings. However, as Microsoft warns, the group's recent use of skill assessment platforms marks a significant shift in the hackers' tactics.

The tech giant notes that BlueNoroff typically distributes malware by sending attachments or via embedded links on GitHub. Several malicious domains and subdomains then host sites containing fake business skills assessment platforms, which encourage job recruiters to sign up for fraudulent accounts.

However, the response of Microsoft's security team, which removed these threats, has made things harder for the group: it now has to build a new network of sites for distributing malware, and that network may also be discovered soon.

Accordingly, do not assume that every opportunity on LinkedIn is a real job opportunity; these can often be scams run by hackers that anyone can easily fall for. The Lazarus group, incidentally, is suspected of operating under the direct command of the North Korean government, and its goals are not always the same.

They are, however, often linked to the theft of cryptocurrencies from targets in Western countries; these funds are then allegedly invested in the country and used to advance its nuclear weapons program.