Date: 2023-11-10

In a recent revelation, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering. Microsoft's threat intelligence team has closely monitored this nation-state-sponsored hacker group based in North Korea, which has been targeting organizations within the cryptocurrency sector.

Traditionally, Sapphire Sleet's modus operandi involved using social engineering techniques to steal cryptocurrencies. However, their latest approach involves websites masquerading as skills assessment portals, with a specific focus on users of LinkedIn's professional networking platform.

The hackers initiate their attacks by targeting potential victims on LinkedIn and enticing them with deceptive lures related to skills assessment. Once communication is established, the threat actor moves the conversation to other platforms, continuing their nefarious activities.

In the past, Sapphire Sleet utilized malicious attachments or links hosted on legitimate platforms to execute their attacks. However, the threat actor has evolved their strategy due to the increased detection and removal of these malicious files. As a result, they have resorted to creating their own websites designed to appear as skills assessment portals, with the goal of tricking recruiters into registering accounts and gathering sensitive information.

These deceptive websites are password-protected and hosted on various malicious domains and subdomains to impede analysis. Despite their attempts to conceal their activities, Microsoft has taken proactive measures by blocking these domains using Microsoft Defender SmartScreen and Network Protection.

This evolution in Sapphire Sleet’s tactics underlines the constant arms race between cybercriminals and cybersecurity professionals. As hackers adapt and refine their methods, individuals and organizations must remain vigilant. Microsoft has provided detailed reports and resources to help customers stay updated on this evolving threat and protect themselves effectively.

