North Korean hackers are hijacking online profiles on LinkedIn to seek remote jobs in crypto companies to gain information for their attacks.
North Korean hackers have upgraded their tactics to exploit cryptocurrency companies. Reports have shown that the hackers are now plagiarizing online LinkedIn Resumes. They apply to crypto positions with fake profiles claiming to be from other countries to steal information for their illicit money-raising goals.
How North Korean hackers are exploiting crypto firms
Cybersecurity researchers at Mandiant reviewed the information following a US warning on a similar scheme in May. The researchers explained that North Korean hackers steal unique details they find on responsible profiles on LinkedIn and Indeed for their resumes to secure remote work in cryptocurrency firms.
On July 14, the researchers noticed an applicant who posed as an “innovative and strategic thinking professional” and an experienced software developer in the tech industry. The alleged job seeker added to his cover letter a line that reads, “The world will see the great result from my hands.” The researchers also found the same data and description in a different profile.
US warned on North Korea’s fake resume
This reinforced the allegations proposed by the US government in May. The US had warned that North Korean IT workers are trying to secure freelance employment abroad using fake profiles with negative mindsets of gaining information on how to launch their attacks. According to the US advisory, the IT workers claim to have basic required skills that suit the job, such as Mobile App development, mobile gaming, and building Virtual currency exchanges.
The US said the North Korean IT workers were residing in China and Russia, with few numbers in southeast Asia. Meanwhile, they also targeted freelance contracts in wealthier countries. The IT workers, in most cases, do present themselves as South Korean, Japanese, or US-based Teleworkers following the US warning information.
Mandiant researchers disclosed that the hackers receive information about upcoming crypto trends by gaining leaked information from crypto companies, enabling them to launch their attacks successfully without any trace.
“It comes down to insider threats,” he said. “If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.” Joe Dobson, a principal analyst at Mandiant, warned.
The researchers at Mandiant added that the hackers also gain Resumes from fake job listing websites where job applicants present their profile data while the hackers use them for their own detriment.
Hackers are increasingly stepping up their efforts as they create fake domains and phishing websites with malicious softwares attached to breach and steal unique data. “We see torrent of this every day, their ability to come up with convincing cover companies is getting better and better,” said Proofpoint’s Ryan Kalember.