North Korean infamous hacking group propagated malicious job postings to steal $620 million from Axie Infinity, targeting game developers…

Continue reading
$620 million in crypto was wiped out from Axie Infinity transpired from a fictitious job offer maliciously created by an infamous North Korean threat group as a plausible bait to target one of the game's developers.
In March of 2022, an attack destroyed Sky Mavis's rapidly expanding and wildly popular game.
As of April 2022, the FBI had established a connection between the attack and the Lazarus and APT38 hacking groups, both of which frequently carry out cryptocurrency heists for the North Korean government.
According to sources cited in a recent article by digital assets news outlet The Block, the attackers posed as a legitimate organization on LinkedIn and contacted employees there, offering jobs.
Due to the extremely high compensation, a senior engineer at Axie Infinity was interested in the phony job offer and went through many interviews.
The engineer received a PDF file describing the job at one point. The document, however, was the hackers' entry point into the Ronin systems, the Ethereum-linked sidechain that hosts the Axie Infinity non-fungible token-based online game.
After the employee downloaded and opened the file, an infection chain was started that ultimately allowed the hackers to compromise four token validators and one Axie DAO validator within Ronin's infrastructure.
After investigating, the company decided to let the spear-phishing victim go. To regain momentum, the game is still introducing investment initiatives and technological restarts.
Sky Mavis is still working to reimburse the affected gamers because the financial harm was so severe.
Several cryptocurrency thefts have been attributed to government-employed hackers in North Korea.
According to a report from Google's Threat Analysis Squad last year, a North Korean hacker group targeted security experts with proprietary malware after approaching them over multiple channels, including LinkedIn.
Lazarus Group members sent out false job offers to employees of cryptocurrency companies in at least 14 countries in the summer of 2020.
The United States issued a warning earlier this year about IT personnel being sent out by the Democratic People's Republic of Korea (DPRK) to take freelancing employment that could occasionally be utilized in state-backed assaults.
A year ago, research from Cyphere revealed that anyone might post job openings on LinkedIn under the guise of a legitimate business.
The FBI has lately warned against the perils of bogus job advertising, noting some frequent symptoms of fraud that internet users should bear in mind when getting unsolicited employment offers.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.