Home Ethereum North Koreans Steal Resumes on LinkedIn to Get Remote Work at Crypto Firms: Researchers

North Koreans Steal Resumes on LinkedIn to Get Remote Work at Crypto Firms: Researchers

North Koreans Steal Resumes on LinkedIn to Get Remote Work at Crypto Firms: Researchers
New You can now listen to the Insurance Journal articles!

North Koreans are plagiarizing resumes online and claiming to be from other countries to get remote work at cryptocurrency firms to help illicit government fundraising efforts, cybersecurity researchers say. following a US warning about a similar program in May.

According to security researchers at Mandiant Inc., a candidate identified by Mandiant on July 14 claimed to be an “innovative and strategic thinking professional.” in the technology industry and an experienced software developer. “The world will see the great result from my hands,” the job seeker added in a cover letter.

Nearly identical language was found in another user’s profile.

Evidence uncovered by Mandiant bolsters allegations made by the US government in May. United States warned that North Korean computer scientists attempt to gain self-employment abroad while posing as non-North Korean nationals, in part to raise money for government weapons development programs. Computer scientists claim to have the kinds of skills needed for complex jobs like developing mobile apps, creating virtual currency exchanges and playing mobile games, according to the US advisory.

North Korean IT workers were mostly located in China and Russia, with smaller numbers in Africa and Southeast Asia, according to the United States. They also target freelance contracts in wealthier countries, including North America and Europe, and in many cases pose as South Korean, Japanese or even US-based telecommuters, according to the warning. American.

According to Mandiant researchers, by collecting information from crypto companies, North Koreans can gather information about upcoming cryptocurrency trends. Such data – on topics such as Ethereum virtual currency, non-fungible tokens and potential security vulnerabilities – could give the North Korean government an edge on how to launder cryptocurrency in a way that helps Pyongyang. to avoid sanctions, said Joe Dobson, principal analyst at Mandiant.

“It comes down to insider threats,” he said. “If someone is hired for a crypto project and they become a lead developer, it allows them to influence things, whether it’s for good or not.”

The North Korean government has always denied any involvement in any cyber theft.

Other alleged North Koreans have fabricated professional qualifications, with some users claiming on job applications to have published a white paper on digital currency exchange Bibox, while another posed as a senior software developer in a consulting firm focused on blockchain technology.

Mandiant researchers said they identified several suspected North Korean figures on job boards who were successfully hired as freelancers. They declined to name the employers.

“These are North Koreans trying to get jobs and get to a place where they can give money back to the regime,” said Michael Barnhart, principal analyst at Mandiant.

Additionally, North Korean users, claiming to have programming skills, have been asking questions on the coding site GitHub Inc., where software developers publicly discuss their discoveries, about major trends in the crypto world. -currency, according to Mandiant researchers.

North Korean IT workers are “targeting freelance contracts from employers located in wealthier countries”, according to the 16-page notice released by the United States in May. In many cases, North Korean workers pose as South Korean, Chinese, Japanese or Eastern European and US-based telecommuters, according to the US notice.

In April, Jonathan Wu, an executive at Aztec network, a blockchain company, described the experience of conducting a job interview with a would-be North Korean hacker as leaving him “a bit shaken”. “Terrifying, hilarious and a reminder to be paranoid and triple check your OpSec practices,” he wrote, in a Twitter thread. Neither Wu nor the company responded to messages seeking comment.

In a related tactic, suspected North Korean hackers replicated Indeed.com and used it to gather information about website visitors, according to Alphabet Inc.’s Google. By creating websites that appear real, spies can trick job seekers into sending their resumes, starting a conversation that could allow hackers to hack into their machine or steal their data, according to Ryan Kalember, executive vice president of the e-security company. emails. Propoint Inc.

Other fake domains, created by suspected North Korean operators, impersonated ZipRecruiter, a Disney careers page and a site called Variety Jobs, according to Google.

“We see a torrent of it every day,” Kalember said. “Their ability to find compelling hedge companies is getting better and better.”

In February, security firm Qualys Inc. said it detected a phishing campaign in which the so-called Lazarus Group, a name the US government sometimes uses to describe Pyongyang-backed hackers, was targeting job candidates. at Lockheed Martin Corp. .

Hackers sent individual messages that appeared to be from Lockheed Martin, using attachments that appeared to include company information but actually contained malware. The ruse followed similar efforts in which the attackers impersonated BAE Systems Plc and Northrop Grumman Corp., according to Qualys.

“If you look at job postings, they appeal to people’s egos and the desire for money,” said Adam Meyers, senior vice president of intelligence at CrowdStrike Holdings Inc. fake job postings are an opening bet for their wider cyberattacks and espionage.

North Korea’s focus on cryptocurrency theft comes after hackers in the country spent years stealing money from the global financial system, Mandiant researchers said. After a notorious 2016 Bangladesh Bank robbery, where the US accused North Korean thieves of trying to steal nearly $1 billion, global banks added safeguards meant to prevent such breaches .

“The market has changed where banks are safer, and cryptocurrency is a totally new market,” Dobson said. “We’ve seen them go after end users, crypto exchanges, and now crypto bridges.”

Photograph: North Korean flag made by human pixels holding colorful signs in Pyongyang, North Korea. Photo credit: Eric Lafforgue/Art in All of Us/Corbis News/Getty Images.

Copyright 2022 Bloomberg.


Please enter your comment!
Please enter your name here