North Korean cybercriminals are stealing the resumes and profiles of others to target jobs listed on LinkedIn and remote work at crypto firms, according to a Bloomberg report citing security researchers at Mandiant.
Their objective is to access the internal operations of these firms and gather intelligence about upcoming trends related to Ethereum network development, non-fungible tokens (NFTs) and potential security lapses.
Suspected hackers were also spotted on another platform, the popular coding site GitHub, where developers publicly discuss ongoing developments in the industry, according to Mandiant.
This information is reportedly helping North Korean hackers launder cryptocurrencies that could later be used by the Pyongyang regime to evade Western sanctions.
“It comes down to insider threats,” Joe Dobson, a principal analyst at Mandiant, told Bloomberg. “If someone is hired on a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
One such job seeker, identified by researchers last month, claimed to be an “innovative and strategic thinking professional” in the tech industry and a seasoned software developer.
Mandiant said it has identified several North Koreans on employment websites who have been successfully hired as freelancers. The researchers declined to name the employers.
According to Mandiant analyst Michael Barnhart, “These North Koreans are trying to get hired and find a place where they can return money to the regime.”
North Korea, Crypto and Hacks
Although the North Korean government has repeatedly denied involvement in any cyber-related piracy, US government agencies, including the State Department and the FBI, earlier this year warned businesses against unknowingly hiring freelancers from North Korea, as they were potentially obscuring their true identity and relationship with the government of the DPRK.
A joint release from US government agencies in May indicated that North Korean “IT workers are primarily based in … China and Russia, with a smaller number in Africa and Southeast Asia,” and “frequently rely on their overseas contacts to get freelance jobs for them and to interface more directly with customers.”
The US government issued a similar warning in April, saying it had “seen North Korean cyber actors targeting various organizations in the blockchain technology and cryptocurrency industry.”
The report specifically cited several target sectors of the industry, including exchanges, decentralized finance (DeFi) protocols, venture capital funds, and individual holders of large amounts of crypto-related assets such as tokens or NFTs.
In April, the US government concluded that Lazarus, a “state-sponsored hacking organization with ties to the North Korean government”, was behind the $622 million hack of the cross-chain Ronin Bridge used by the play-to-earn game Axie Infinity.
Analytics firm Elliptic also suggested that North Korean hackers were the most likely culprits in the Harmony Protocol’s $100 million hack in June.