North Koreans plagiarize online resumes from legitimate LinkedIn and Indeed profiles to get jobs in US cryptocurrency companies. Bloomberg writes about this, citing security researchers from Mandiant Inc.
As a rule, North Koreans attribute to themselves specialization in the technology industry and experience in software development. They actively communicate on the profile site GitHub, learning about the latest trends in the field of cryptocurrencies.
Mandiant researchers reported on questionnaires from residents of the DPRK in which they published the white paper of the Bibox digital currency or posed as a senior software developer at a consulting company specializing in blockchain technology.
Experts have identified several suspected North Koreans on job sites who have been hired as freelancers. They refused to name the employers.
Pretending to be from other countries, North Koreans are seeking to get remote jobs in cryptocurrency companies in order to be able to earn or launder funds for the sanctioned government, according to Mandiant.
The DPRK government denies involvement in any cyber security theft.
In April, the chief executive of blockchain company Aztec Network, Jonathan Wu, described being “a little overwhelmed” by his experience interviewing a potential North Korean hacker.
“Scary, fun and reminds you to be paranoid and triple check your methods Opsec”, — wrote he’s on Twitter.
Among the techniques used by the suspected North Korean hackers is the launch of the fake site Indeed.com to collect information about its visitors, according to Google Alphabet Inc. Thus, attackers trick applicants into submitting resumes in order to further hack into their computer or steal data.
The hackers also spoofed ZipRecruiter domains, the Disney job page, and the Variety Jobs website, according to Google.
In February, the cybersecurity firm Qualys Inc. said it discovered a phishing campaign in which the North Korean Lazarus Group targeted job seekers at Lockheed Martin Corp.
The hackers sent messages purporting to be Lockheed Martin, attaching malware as attachments. In a similar fashion, the attackers posed as BAE Systems Plc and Northrop Grumman Corp.
According to Mandiant researchers, North Korea has focused on stealing cryptocurrencies after years of attacks on the global financial system.
“The market has changed, banks have become more secure, and cryptocurrency is a whole new field. We have seen them target end users, crypto exchanges, and now crypto bridges,” the analysts said.
Evidence unearthed by Mandiant supports allegations made by the US government in May.
Recall that then the Ministry of Finance, the State Department and the FBI issued a document warning about the activities of IT specialists from North Korea, who get freelance work in various technology, including cryptocurrency projects.
According to the US authorities, the DPRK receives income through such employees, which it directs to finance weapons programs.
Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analytics.
Found a mistake in the text? Select it and press CTRL+ENTER