Hackers steal developer credentials to support fake IT worker scheme.

North Korea’s DeceptiveDevelopment campaign targets cryptocurrency and decentralized finance developers with fake job offers to steal identities and deploy malware, including BeaverTail, InvisibleFerret, and OtterCookie. ESET reports that the stolen developer information is handed to fraudulent North Korean IT workers tracked as WageMole, who use the credentials to pose as job seekers and secure remote positions at Western companies. The IT workers operate in teams with designated leaders who set quotas and coordinate operations targeting primarily the US and several European countries. Some workers have expanded beyond programming to impersonate civil engineers and architects using falsified credentials.

Read more:

https://www.securityweek.com/north-koreas-fake-recruiters-feed-stolen-data-to-it-workers/