North Korean IT Worker Fraud Linked to a 2016 Crowdfunding Scam and Fake Domains
Cybersecurity researchers have identified links between North Korean threat actors' fraudulent IT worker schemes and a 2016 crowdfunding scam.
According to a report from the SecureWorks Counter Threat Unit (CTU), Pyongyang-based groups had started illegal money-making scams that predate the IT worker schemes.
What Is the IT Worker Fraud Scheme?
This scheme had come to light by the end of 2023. In it, North Korean hackers take jobs at Western and other global companies under fake identities. Its purpose is to generate revenue for sanctions-hit North Korea. The scheme is also tracked under the names "Famous Chollima," "Nickel Tapestry," "UNC5267," and "Wagemole."
South Korea's Ministry of Foreign Affairs (MoFA) has assessed these IT workers to be part of the 313th General Bureau, which operates under the Workers' Party of Korea.
Fake Companies and International Operations
North Korean IT workers are sent to China and Russia, where they are told to work for fake companies such as Yanbian Silverstar and Volasys Silver Star. The U.S. Treasury Department sanctioned these companies in 2018 because they worked to hide and export the revenue of North Korean workers.
Fake Domains and the Crowdfunding Scam Connection
In 2023, the U.S. government seized 17 fake domains that impersonated U.S.-based IT services companies. These domains were used to hide the identity and location of North Korean IT workers.
One confiscated domain was "silverstarchina[.]com", which was linked to the offices of Yanbian Silverstar. After analyzing WHOIS records, SecureWorks identified another domain, "kratosmemory[.]com", which was connected to a 2016 IndieGoGo crowdfunding scam. In this campaign, 193 backers invested $21,877 but received neither a product nor a refund.
Cryptocurrency Heists and Advanced Threats
North Korean advanced persistent threat (APT) groups such as the Lazarus Group are targeting cryptocurrency exchanges and users. In 2024 alone, they stole $659 million worth of cryptocurrency. Large Indian exchanges such as WazirX have also fallen victim to these attacks.
WazirX founder Nischal Shetty said, "This is a critical moment. We will make every possible effort to recover the assets."
In 2024, North Korean hackers stole a total of $1.34 billion in cryptocurrency, up from $660.50 million in 2023.
What follows is a deeper analysis of the North Korean IT worker fraud schemes and their connections, with a breakdown of each aspect.
The primary purpose of North Korea's IT workers is to generate revenue for the sanctions-hit economy through illegal means. These workers take jobs at Western and global companies under fake identities.
Process:
They secure jobs through freelance platforms or direct hiring channels using fake resumes and qualifications.
They take payments in cryptocurrency or through anonymous methods so that the money cannot be traced.
Organizations Behind It:
313th General Bureau: A wing under the Workers' Party of Korea, known for military and cyber operations.
Front Companies:
Through firms such as Yanbian Silverstar and Volasys Silver Star, the placement of IT workers is made to look legal, while the real work is funneling revenue.
With the 2016 crowdfunding scam, North Korea's threat actors developed their skills and tactics through small scams.
Kratos Memory Campaign:
In an IndieGoGo campaign, North Korean operatives presented an idea for an innovative product and raised $21,877 from 193 backers.
Proof of the scam came when backers received neither a product nor a refund.
Domain Reuse:
According to SecureWorks' analysis, these domains were later repurposed for IT worker fraud schemes, which shows the sophistication of the strategy.
The methods of North Korean hackers have now become advanced and targeted.
Fake Domains:
IT services firms were impersonated by creating fake websites such as "silverstarchina[.]com".
SecureWorks identified that the WHOIS records and registrant details directly match the offices of Yanbian Silverstar.
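The kind of WHOIS registrant pivot described above can be sketched as follows. This is an added example, not code from SecureWorks or from the original article; the domains, registrant values and field names in `SAMPLE_WHOIS` are constructed placeholders, and the choice of pivot fields is an assumption.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed WHOIS excerpts: placeholder domains and registrant data, not values from the report.
SAMPLE_WHOIS = {
    "seized-front.example": "Registrant Street: Room 1201, 88 Sample Road\n"
                            "Registrant Email: admin@mail.example\n"
                            "Registrant Phone: +86.4335550100\n",
    "campaign-site.example": "Registrant Street: room 1201 88 sample road\n"
                             "Registrant Email: sales@other.example\n"
                             "Registrant Phone: +86 433 555 0100\n",
    "unrelated-a.example": "Registrant Email: REDACTED FOR PRIVACY\n",
    "unrelated-b.example": "Registrant Email: REDACTED FOR PRIVACY\n",
}
PIVOT_FIELDS = ("registrant street", "registrant email", "registrant phone")
REDACTED = re.compile(r"redacted|privacy|not disclosed", re.I)

def normalize(field, value):
    """Canonicalize a value so formatting differences do not hide a match."""
    if REDACTED.search(value):
        return None  # proxy/redaction text is shared by unrelated domains
    if field.endswith("phone"):
        return re.sub(r"\D", "", value) or None
    return re.sub(r"[^a-z0-9@]+", " ", value.lower()).strip() or None

def parse_whois(text):
    """Extract the normalized pivot fields from one raw WHOIS response."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        field = key.strip().lower()
        if sep and field in PIVOT_FIELDS and (norm := normalize(field, value)):
            record[field] = norm
    return record

def shared_registrant_links(records):
    """Return {(domain_a, domain_b): set of pivot fields both domains share}."""
    index = defaultdict(set)
    for domain, text in records.items():
        for field, value in parse_whois(text).items():
            index[(field, value)].add(domain)
    links = defaultdict(set)
    for (field, _value), domains in index.items():
        for a, b in combinations(sorted(domains), 2):
            links[(a, b)].add(field)
    return dict(links)

if __name__ == "__main__":
    for pair, fields in shared_registrant_links(SAMPLE_WHOIS).items():
        print(pair, sorted(fields))
```

Dropping redacted values matters: privacy-proxy text is identical across unrelated registrations and would otherwise link every protected domain to every other.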
Social Engineering:
In these campaigns, psychological manipulation is used to deceive clients and hiring managers.
North Korean threat actors such as the Lazarus Group are now actively targeting cryptocurrency and blockchain ecosystems.
Techniques Used:
Malware Families: Malware such as TraderTraitor and AppleJeus is used to compromise cryptocurrency wallets.
Phishing Attacks: Victims are targeted through fake investment schemes and malicious links.
Recent Impact:
2024: $1.34 billion in cryptocurrency theft, double the $660.50 million of 2023.
Targets: Major exchanges such as WazirX, Upbit, and DMM Bitcoin.
Economic Damage:
These North Korean tactics increase fraud and theft in global economies, which helps mitigate the impact of sanctions.
Threat Escalation:
The expertise of Pyongyang-based cyber units is growing rapidly, which makes them capable of carrying out long-term, sophisticated attacks.
Awareness:
Companies and individuals should be trained to identify fake profiles and scams.
Sanctions:
Countries such as the U.S. have imposed sanctions on Yanbian Silverstar and its leaders, which can slow these operations.
Global Collaboration:
The joint warning from South Korea, Japan, and the U.S. for the blockchain industry is an indication that global cybersecurity alliances are critical.
North Korea's IT worker fraud schemes and blockchain attacks show that its strategy is evolving at every level, from small crowdfunding scams to advanced cryptocurrency thefts. This development is not just an economic challenge but a major threat to global security.
Key Takeaway: Collaboration and the use of advanced threat detection tools are the biggest need in today's cyber landscape.