Because of the long-standing embargo on the North Korean regime, local authorities have made headlines countless times for unusual – and often illegal – ways to raise funds.
From hacking regular banks to farming in-game currency through botting, the methods range from essentially harmless to outright threats to national security.
Crypto markets are targeting full strength
In recent years, the North Korean regime has targeted the crypto market, with multiple attacks on crypto exchanges by the Lazarus Group and others. However, a recent report by Bloomberg and Mandiant security researchers indicates that North Korean government-sponsored hackers are now focusing more on another method of raising funds through the crypto market.
Instead of hacking vulnerable crypto exchanges and other projects like Harmony, the Lazarus Group now has members posing as IT professionals on LinkedIn and Indeed by hijacking the resumes of legitimate users.
According to Joe Dobson – one of Mendiant’s analysts – these are then processed and sent to companies that hire blockchain developers in the hope of obtaining confidential information and creating backdoors that would allow exploitation of said platforms at a later date.
“It’s insider threats. If someone gets hired on a crypto project and becomes a core developer, that allows them to influence things, whether for good or not.”
While CVs are mostly plagiarism, some also include blatantly false information – such as white papers for exchanges that appear to have never existed, deliberately vague job descriptions, etc. from the publication of the information.
On Twitter, however, stories have surfaced from an interviewer allegedly taking aim at Lazarus’ latest project.
No bullshit, I think I just interviewed a North Korean hacker.
Scary, hilarious and a reminder to paranoid and triple check your OpSec practices.
Here’s how it went:
— jonwu.(🗽, 🍎) (@jonwu_) April 29, 2022
The report states that most of the eligible resumes refer to the skills of Chinese and Russian individuals, with a smaller number of resumes being copied by developers in Africa and Southeast Asia. These resumes are then used to create multiple fake profiles of job seekers, many of which use almost the same language to describe their skill sets.
A smaller group also claimed to be South Korean, Japanese or US-based remote workers. In any case, almost all of the CVs found applied for positions in the US and Europe.
The report advises recruiters to remain vigilant when screening applicants, noting the significant damage to one’s company that can be caused by even a small compromise of its internal software systems.
Binance Free $100 (Exclusive): Use this link to sign up and get $100 free and 10% off your first month of Binance Futures commissions (terms).
PrimeXBT Special Offer: Use this link to sign up and enter code POTATO50 to get up to $7,000 in your deposits.