Crypto thieves from North Korea are impersonating experts using fake resumes and identities, Bloomberg News reported Aug. 1.
According to Bloomberg, interviews with cybersecurity experts showed that these fraudsters actively plagiarize information from legitimate profiles to apply for jobs on Indeed and LinkedIn.
North Korean thieves targeting crypto jobs
Cybersecurity company Mandiant reported that a suspected North Korean job seeker claimed to be an “innovative and strategic thinking professional,” adding, “The world will see the great result from my hands.”
While the applicant claimed to be an experienced software developer, researchers at the firm found strikingly similar language on someone else’s profile.
Beyond plagiarizing resumes, researchers also discovered that some suspected North Koreans doctored qualifications when applying for jobs.
These include lying about publishing the whitepaper for the Bibox crypto exchange or posing as a senior software developer. The researchers added that several employers had hired these suspected North Koreans as freelancers.
Why crypto jobs?
The principal analyst at Mandiant, Joe Dobson, said the new scheme could be a way to gather intelligence about cryptocurrency trends before they happen. Dobson said:
“It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
Additionally, the researchers pointed out that some of these activities might be state-sponsored to give the DPRK government an edge in laundering illicit funds from crypto crimes.
While North Korean authorities have constantly denied being sponsors of crypto crimes, available public information says otherwise.
The US had previously warned of this threat
The new report supports an earlier warning from the US government that North Korean IT workers were trying to get foreign freelancing positions by posing as citizens of other countries.
The 16-page advisory released two months ago claimed that the IT workers focus on “freelance contracts from employers located in wealthier nations.”
Google warns of fake job sites
Meanwhile, Google also reported that suspected hackers from North Korea had replicated several popular job websites such as Indeed.com and ZipRecruiter to gather information from visitors and possibly steal their data.
In such cases, they gather information from job seekers and send malicious software to access their data.