Microsoft warns LinkedIn users of fake skills assessment portals

Those in IT and recruiting roles should watch out for unsolicited messages

John Leonard
clock • 2 min read
Microsoft warns LinkedIn users of fake skills assessment portals

Microsoft warns LinkedIn users of fake skills assessment portals

Microsoft has issued a warning about fake skills assessment portals being used in social engineering campaigns by a North Korean hacking group known as Sapphire Sleet.

Sapphire Sleet, which is part of the notorious Lazarus Group, has a history of stealing cryptocurrencies through scams and phishing attempts. The group typically finds targets on LinkedIn and initiates contact using lures related to skills assessments.

According to a series of posts on X, Microsoft, Sapphire Sleet has recently established new portals that impersonate recruiting and skills testing sites. The fake websites require users to register for an account, enabling the hackers to gather sensitive personal information and credentials.

The sites are hosted on malicious domains and are password-protected to avoid analysis. Microsoft has already blocked many of the known domains being used in these campaigns.

Microsoft believes the shift to fake skills assessment portals may indicates Sapphire Sleet has changed direction due to the quick detection and take-down of their previous malicious attachments and links.

Sapphire Sleet is now specifically targeting LinkedIn users based on their expertise and experience. The initial outreach contains links to the fraudulent sites disguised as legitimate skills tests.

Microsoft advises LinkedIn users, especially those in IT and recruiting roles, to be cautious of unsolicited messages containing links or skill assessment offers. Users should verify the authenticity of any websites before providing login credentials or sensitive information.

Lazarus, also known as Hidden Cobra, became widely known in 2014 when it hacked Sony Pictures over the film The Interview, a comedy centring on the assassination of North Korean leader Kim Jong-un. It is believed to be closely connected to the North Korean government.

Later the group turned its attention to cryptocurrency thefts, and was thought to have stolen roughly $400 million in cryptocurrency in 2021.

It is also blamed for the Ronin hack in March 2022, which resulted in the theft of more than $600 million in ethereum and USDC stablecoins.

You may also like
IT Essentials: It never rains but it pours


Forecast is for damp, blustery politicians

clock 27 May 2024 • 3 min read
Microsoft outage disrupts search engines, AI tools


Extended beyond Microsoft's own products

clock 24 May 2024 • 2 min read
Microsoft Build 2024: Five things to know about Copilot+ PCs

Artificial Intelligence

“We’re going to have a big refresh moment,” says Microsoft VP Mark Linton

clock 22 May 2024 • 7 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Hacking

MoD hack: IT contractor concealed major hack for months

MoD hack: IT contractor concealed major hack for months

SSCL was reportedly awarded a contract worth over £500,000 in April, despite the breach occurring weeks earlier

clock 13 May 2024 • 2 min read
Dell confirms data breach affecting 49m people

Dell confirms data breach affecting 49m people

No financial info stolen, but names and addresses were leaked

clock 10 May 2024 • 2 min read
LockBit leader unmasked

LockBit leader unmasked

Named as Russian national Dmitry Khoroshev

clock 08 May 2024 • 3 min read