Cybersecurity experts claim North Korean hackers are posing as job applicants for crypto jobs in wealthy countries to fund government operations.
So-called North Korean software developers are scraping LinkedIn and job site Indeed to steal profile information from legitimate applicants to apply for jobs at U.S. crypto firms.
Security researchers at the cybersecurity firm Mandiant found an application from a supposed software developer that matched the semantics of an existing profile.
Researchers say that, if employed, the North Koreans can get a head start on emerging cryptocurrency trends from inside cryptocurrency firms, giving them cutting-edge tools to evade sanctions imposed on Pyongyang. In other words, firms could face danger from insiders.
Tentacles continue to spread
But the tactics don’t stop there. Analysts say North Koreans are finding novel ways to secure a position from which they can send money back home. Some applicants claim to have authored a whitepaper about the cryptocurrency exchange Bibox. Another pretended to be a senior software developer at a blockchain consultancy firm. Researchers also found freelance positions at certain undisclosed crypto firms filled by North Koreans.
They have also seeded the popular software repository site GitHub with questions, as the site is a nerve center for discussing trends in the cryptocurrency industry and is a hub of collaboration between software developers.
In May, the U.S. government issued guidance on information technology workers from North Korea. The note warned American employers that the communist state dispatches skilled IT workers to generate income for developing weapons of mass destruction. Jobs requiring in-demand skill sets such as app and software development are being filled by North Koreans who pretend to be of a different nationality. Popular pseudo-nationalities include South Korean, Chinese, Japanese, and Eastern European. While many of these jobs are legitimately carried out, the U.S. government explained that some freelancers had exploited access to sensitive data to feed the regime back home.
Lazarus Group joins the fray
According to Alphabet Inc.’s Google, North Korean hackers are suspected of having hacked career site Indeed.com to collect applicant data that can be used to strike up conversations that eventually lead to a breach of applicants’ machines, according to Ryan Kalember from Proofpoint Inc. He added that fake websites are becoming increasingly convincing.
Hackers from the notorious collective known as the Lazarus Group sent bogus emails offering people jobs at Lockheed Martin. The emails used social engineering methods that appealed to people’s egos and contained seemingly innocent attachments laced with malicious code.
The Lazarus Group is also suspected of being behind the $600 million-plus hack of the Ronin sidechain used in the NFT game Axie Infinity earlier this year.
Researchers at Mandiant suggest that North Korea’s focus on end-users, crypto businesses, and sidechains comes after traditional financial institutions hardened their cybersecurity to avoid becoming victims of illicit fund flows.