North Korean cybercriminals are targeting job listings on LinkedIn and Indeed, plagiarizing resumes and other people’s profiles to get remote work at crypto firms, according to a Bloomberg report citing security researchers at Mandiant.
The goal is to gain access to these firms’ internal operations and gather information about upcoming trends, including those related to Ethereum network development, non-fungible tokens (NFTs) and potential security lapses.
The suspected hackers were also seen on the popular code site GitHub, where developers publicly discuss industry goings-on, according to Mandiant.
This information allegedly helps North Korean hackers launder cryptocurrencies that can later be used by the Pyongyang regime to evade Western sanctions.
“It comes down to insider threats,” Joe Dobson, a principal analyst at Mandiant, told Bloomberg. “If someone gets hired on a crypto project, and they become a core developer, it allows them to influence things, either for good or not.”
One such job seeker the researchers identified last month claimed to be an “innovative and strategically thinking professional” in the technology industry and an experienced software developer.
Mandiant said it had identified several North Koreans on job websites who have been hired as freelancers. The researchers declined to name the employers.
According to Mandiant analyst Michael Barnhart, “these are North Koreans trying to get employed and get to a place where they can send money back to the regime.”
North Korea, crypto and hacks
Although the North Korean government has repeatedly denied involvement in any cyber-related theft, earlier this year US government agencies, including the State Department and the FBI, warned businesses against inadvertently hiring North Korean freelancers, who potentially obscure their true identities and ties to the DPRK government.
A joint release by US government agencies in May indicated that North Korean “IT workers are located mainly in … China and Russia, with smaller numbers in Africa and Southeast Asia,” and “often rely on their foreign contacts to get freelance jobs for them and to communicate more directly with customers.”
The US government issued a similar warning in April, saying it “has observed North Korean cyber actors targeting a number of organizations in the blockchain technology and cryptocurrency industries.”
The report specifically cited several targeted areas of the industry, including exchanges, decentralized finance (DeFi) protocols, venture capital funds and individual holders of large amounts of crypto-related assets such as tokens or NFTs.
In April, the US government concluded that Lazarus, a “state-sponsored hacker organization” with ties to the North Korean government, was behind the $622 million hack of the cross-chain Ronin bridge used by the play-to-earn game Axie Infinity.
Research firm Elliptic also suggested that North Korean hackers were the most likely culprits in a $100 million hack of the Harmony protocol in June.