North Koreans suspected of using fake resumes to steal crypto

Spread the love


Suspected North Korean thieves are plagiarizing resumes and pretending to be from other countries as part of a wider effort to raise money for the government in Pyongyang, according to interviews with cybersecurity experts and data provided to Bloomberg News.

The fraudsters are plundering job listings on LinkedIn and Indeed, incorporating details they find on legitimate profiles into their own resumes in order to try getting hired at US cryptocurrency firms, according to security researchers at Mandiant Inc. One suspected North Korean job seeker recently claimed to be an “innovative and strategic thinking professional” in the tech industry, according to Mandiant, and added, “The world will see the great result from my hands.” The job applicant’s account, which Mandiant identified on July 14, claimed to be from an experienced software developer. But researchers found nearly identical language in another person’s profile.

By collecting information from crypto companies, the researchers said, North Koreans can gather intelligence about upcoming cryptocurrency trends. Such data – about topics like Ethereum virtual currency, nonfungible tokens and potential security lapses – could give the North Korean government an edge in how to launder cryptocurrency in a way that helps Pyongyang avoid sanctions, said Joe Dobson, a principal analyst at Mandiant.

“It comes down to insider threats,” he said. “If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”

The North Korean government has consistently denied involvement in any cyber-enabled theft.

Other suspected North Koreans have fabricated job qualifications, with some users claiming on job applications to have published a white paper about the Bibox digital currency exchange, while another posed as a senior software developer at a consultancy focused on blockchain technology.

Mandiant researchers said they had identified multiple suspected North Korean personas on employment sites that have successfully been hired as freelance employees. They declined to name the employers.

“These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime,” said Michael Barnhart, a principal analyst at Mandiant.

In addition, North Korean users, claiming to have programming skills, have posed questions on the coding site GitHub Inc., where software developers publicly discuss their findings, about larger trends in the cryptocurrency world, according to the Mandiant researchers.

The evidence detected by Mandiant reinforces allegations made by the US government in May. The US warned that North Korean IT workers are trying to obtain freelance employment abroad while posing as non-North Korean nationals, in part to raise money for government weapons development programs. The IT workers claim to have the kinds of skills necessary for complex work like mobile app development, building virtual currency exchanges and mobile gaming, according to the US advisory.

North Korean IT workers “target freelance contracts from employers located in wealthier nations,” according to the US’s 16-page advisory released in May. In many instances, the North Korean workers present themselves as South Korean, Chinese, Japanese or Eastern European and US-based teleworkers, according to the US advisory.

In April, an executive at Aztec Network, a blockchain company, described the experience of conducting a job interview with a possible North Korean hacker as leaving him “a little shaken.” “Terrifying, hilarious and a reminder to be paranoid and triple-check your OpSec practices,” he wrote, in a Twitter thread. The executive didn’t respond to a message seeking comment.

In a related tactic, suspected North Korean hackers have replicated and used it to gather information on website visitors, according to Alphabet Inc.’s Google. By setting up websites that appear to be real, spies can dupe job-seekers into sending their resume, thus beginning a conversation that could enable hackers to breach their machine or steal their data, according Ryan Kalember, executive vice president at the email security firm Proofpoint Inc.

Other fake domains, created by suspected North Korean operators, impersonated ZipRecruiter, a Disney careers page and a site called Variety Jobs, according to Google.

“We see a torrent of this everyday,” said Kalember. “Their ability to come up with convincing cover companies is getting better and better.”

In February, the security firm Qualys Inc. said it detected a phishing campaign in which the so-called Lazarus Group, a name that the US government sometimes uses to describe Pyongyang-backed hackers, targeted job applicants who applied for roles at Lockheed Martin Corp.

The hackers sent individual messages that appeared to be from Lockheed Martin, using email attachments that appeared to include information from the company but in fact contained malicious software. The ruse followed similar efforts in which attackers posed as BAE Systems Plc and Northrop Grumman Corp., according to Qualys.

“If you look at the job listings, they’re appealing to people’s ego and the desire for money,” said Adam Meyers, senior vice president of intelligence at CrowdStrike Holdings Inc. “They’re capitalizing on that, but the fake job listings are an opening gambit for their broader cyberattacks and espionage.”

North Korea’s focus on stealing cryptocurrency comes after the country’s hackers spent years stealing money from the global financial system, Mandiant researchers said. After a notorious 2016 heist on Bangladesh Bank, where the US accused North Korean thieves of trying to steal close to $1 billion, global banks added safeguards meant to stop such breaches.

“The market has changed where banks are more secure, and cryptocurrency is a totally new market,” Dobson said. “We’ve seen them go after end-users, crypto exchanges and now the crypto bridges.”


Source link


19 thoughts on “North Koreans suspected of using fake resumes to steal crypto

  1. Hmm is anyone else encountering problems with the images on this blog loading?
    I’m trying to figure out if its a problem on my end or
    if it’s the blog. Any responses would be greatly appreciated.

  2. This is really attention-grabbing, You’re a very skilled
    blogger. I’ve joined your feed and look forward to in the hunt for
    more of your wonderful post. Also, I’ve shared your web
    site in my social networks

  3. Hi there! I just want to offer you a huge thumbs up for your great info you have here on this post.
    I will be coming back to your web site for more soon.

  4. Nice post. I was checking constantly this blog and I’m impressed!
    Extremely helpful information particularly the last part 🙂 I care for
    such information a lot. I was seeking this particular information for a very long time.
    Thank you and good luck.

  5. Jack helped me build my LEGO hoverboard. But he turned it accidentally into a giant spaceship.

    Jack is a genius! find top lego building sets For me, playing with Legos daily has become an important
    ritual. It is so therapeutic to get lost among the bricks and watch my creations grow.
    Lego Ideas is a line of fan-created creations that showcases the amazing talent in the Lego community.

  6. brillx официальный сайт играть онлайн
    Добро пожаловать в удивительный мир азарта и веселья на официальном сайте казино Brillx! Год 2023 принес нам новые горизонты в мире азартных развлечений, и Brillx на переднем крае этой революции. Если вы ищете непередаваемые ощущения и возможность сорвать джекпот, то вы пришли по адресу.Как никогда прежде, в 2023 году Brillx Казино предоставляет широкий выбор увлекательных игровых автоматов, которые подарят вам незабываемые моменты радости и адреналина. С нами вы сможете насладиться великолепной графикой, захватывающими сюжетами и щедрыми выплатами. Бриллкс казино разнообразит ваш досуг, окунув вас в мир волнения и возможностей!

  7. Great blog you have here but I was curious if you knew of any forums
    that cover the same topics discussed in this article?

    I’d really like to be a part of group where I can get
    responses from other experienced individuals that share the same interest.
    If you have any recommendations, please let me know.
    Many thanks!

  8. It’s hard to come by knowledgeable people in this particular subject,
    however, you sound like you know what you’re
    talking about! Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *