Research from Secureworks Counter Threat Unit (CTU) has revealed links between the North Korean fake IT workers scheme and fraudulent crowdfunding activity.
The group associated with the crowdfunding scam has been identified by Secureworks as Nickel Tapestry, a threat actor that comprises multiple clusters of activity operated on behalf of North Korean interests.
The scam garnered around $20,000 and showcases an earlier example of North Korean threat actors experimenting with various money-making schemes that predate the use of fraudulent IT workers.
Rafe Pilling, Director of Threat Intelligence, Secureworks CTU, commented, “Over the past 12 months we’ve seen the North Korean IT worker scheme evolve, leveraging deepfakes and AI. To counter state-sponsored groups like Nickel Tapestry, it’s crucial to understand not only how their tradecraft is changing, but also where it began.”
Through a patchwork of domain names, front companies and email addresses, the CTU was able to link Nickel Tapestry to an IndieGoGo crowdfunding campaign page, which advertised a Kratos portable wireless memory device.
However, buyer comments indicated that the campaign was a scam and that the campaign backers never received a product or refund from the seller.
“This 2016 campaign was a low-effort, small monetary-return endeavor compared to the more elaborate North Korean IT worker schemes active as of this publication,” Secureworks CTU said in a blog post.