North Korea Hackers Are Applying For Crypto Jobs Via Fake Accounts to Compromise Companies
- In a bid to support its nuclear and missile program, North Korea is reportedly sponsoring hackers to raise more funds.
- Rather than hack crypto exchanges and other crypto projects, members of the Lazarus group now pose as tech experts on Indeed and LinkedIn.
A report published by Bloomberg claims that hackers based in North Korea are trying other means of raising funds illegally from the crypto market. Per the report, North Korean hackers, who are ostensibly related to the local authorities, are stealing online profiles to apply for crypto jobs, and later compromise the respective companies.
‘Hard Work Pays’: North Korea Hackers
In a bid to support its nuclear and missile program, North Korea is reportedly sponsoring hackers to raise more funds. Moreover, the country has struggled with its finances following a long-term economic sanction by the top world economies.
Such activities include stealing in-game currencies through botting and hacking financial institutions. And now, they have devised new techniques to make more money.
Rather than hack crypto exchanges and other crypto projects, members of the Lazarus group now pose as tech experts on Indeed and LinkedIn. However, most have been plagiarizing the resumes of true tech experts on LinkedIn. An analyst with Mandiant, Joe Dobson, said these hackers’ target was blockchain development jobs. The goal of these hackers is to gain insider information about these companies.
Thus, they can find a loophole to exploit when they are ready to attack the firm. Dobson explained that their goal is to become insider threats. Once they become employees and rise through the ranks to become a core developer for a crypto project, it allows them to make the influence they desire.
Apart from plagiarizing resumes, these hackers also include fake info in their resumes. They often have vague descriptions of their roles in previous projects. They also claim to have written whitepapers for non-existent exchanges. Mandiant argued that it discovered that some firms have already unknowingly hired members of the Lazarus group.
However, it didn’t reveal the names of such companies. Yet, some interviewers are starting to share their experiences with these fake blockchain developers. The Mandiant study said many of these hackers have been plagiarizing the resumes of the Russians and the Chinese.
However, a few of them have also been blatantly copying the CVs of Africans and South East Asians. Reportedly, most of these hackers only edit personal details on the resumes they are copying. Additionally, most of them claim to be residents or citizens of South Korea, Japan, and the US.
Worth noting, that almost all of them are applying for crypto jobs at companies based in the United States and counties in Europe.
Consequently, Mandiant has advised recruiters to be extra thorough when screening job seekers. Furthermore, some companies may never recover from hacker exploits.
Morphing to Fit In
The Lazarus hacker group has masterminded several cyber attacks, including on crypto exchanges and cross-chain bridges. One of its most recent alleged exploits was the attack on Harmony’s Horizon bridge, where the group made away with over $100 million worth of digital assets.
Worth noting, that law enforcement, mostly those from the United States, have traced the attacks to the group because the technique used to siphon the funds is a common style by the said hackers.