todayonchain.com

Secret footage from a rigged laptop exposes how North Korean spies are slipping past your security team

CryptoSlate
Researchers captured footage showing North Korean spies using legitimate hiring tools to infiltrate crypto companies via rigged developer laptops.

Summary

Security researchers from BCA LTD, NorthScan, and ANY.RUN ran a sting operation using a monitored virtual machine disguised as a developer's laptop to capture the tradecraft of North Korean operatives, specifically the Lazarus Group's Famous Chollima division. Rather than exploiting software vulnerabilities, the attackers relied on social engineering, using legitimate AI hiring tools such as Simplify Copilot and AiApply to generate polished job applications and interview responses and so establish themselves as trusted insiders. They routed their traffic through Astrill VPN and set up persistent remote access with Google Remote Desktop, aiming for long-term access to internal repositories and cloud dashboards rather than immediate theft. The method reflects a shift in which state actors use standard Western productivity tools to get past security controls, turning employment fraud into a major revenue stream for North Korea; the group's digital asset theft is estimated at nearly $3 billion between 2024 and September 2025. The incident underscores a compliance crisis that is pushing the digital asset industry to adopt rigorous "Know Your Employee" standards beyond traditional KYC protocols.

(Source: CryptoSlate)