By
Mayowa Adebajo
October 17th, 2023
North Koreans are stealing information from LinkedIn and Indeed profiles and using fake resumes to land crypto-related jobs in rich countries.
Seems that North Koreans are stealing information from LinkedIn and Indeed profiles and using fake resumes to land crypto-related jobs in wealthy countries. If hired, the hackers then pretend to be notable developers and get access to the technology and infrastructure used by the companies that employ them.
For example, one of the applicants claimed to be an “innovative and strategic thinking professional” in the tech industry. His cover letter promises that “the world will see the great result” from the work he is able to do. Notably, almost identical language was found in another profile on LinkedIn.
Mandiant, an independent cybersecurity firm based in Virginia, US, has been the first to report the case.
Michael Barnhart, an analyst at Mandient, commented:
“These North Koreans are trying to get hired and find a place where they can return money to the regime.”
Further, Joe Dobson, a principal analyst at Mandiant, added:
“It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
Located in China, Russia, Southeast Asia, and even Africa, North Koreans are trying to find remote jobs from employers in wealthier countries. To cover their identity, fraudsters are presenting themselves as South Korean, Chinese, Japanese, Eastern European, and US-based teleworkers.
North Korean Hackers’ Activity
Notably, this is not the first time North Korean fraudsters are involved in crypto-related criminal activity. In May, the FBI warned US businesses against hiring freelancers from North Korea, as they were suspected to hide their true identities. Earlier, in April, the FBI accused North Korea of stealing as much as $620 million from the Ronin blockchain that backs popular Axie Infinity. The theft tied to North Korean hacking group Lazarus became the largest cryptocurrency hack ever.
According to Mandiant researchers, the hackers used the same scheme at that time. In particular, they reached out to the staff members of Axie Infinity, offering them lucrative jobs. Eventually, one senior engineer clicked on a PDF file that compromised his computer leading to the hack.
Another crypto theft that involved North Koreans took place in June. As blockchain forensics company Elliptic reported, the Lazarus Group was behind a hack that led to the theft of around $100 million in cryptocurrency from Harmony’s Horizon Bridge. The attack was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique commonly used by the Lazarus Group.