North Koreans steal LinkedIn resumes to get remote work at crypto firms: researchers – Insurance Journal | Omd Cialis

New You can now listen to Insurance Journal articles!

North Koreans are plagiarizing online resumes and pretending to be from other countries to get remote work at cryptocurrency firms to support illegal government fundraising efforts, cybersecurity researchers say, following a US warning of a similar plan in May.

According to security researchers from Mandiant Inc., the scammers lift details they find on legitimate profiles on LinkedIn and Indeed for their resumes in order to find work at US cryptocurrency firms software developer. “The world will see the great result of my hands,” the job seeker added in a cover letter.

A nearly identical language was found in another user’s profile.

Evidence discovered by Mandiant supports allegations made by the US government in May. The US warned that North Korean IT workers are attempting to find freelance employment abroad while posing as non-North Korean nationals, in part to raise money for state weapons development programs. According to the US consultancy, the IT staff claim to have the skills required for complex work such as developing mobile apps, building virtual currency exchanges and mobile gaming.

The North Korean IT staff were mainly located in China and Russia, with smaller numbers in Africa and Southeast Asia, according to the US. They are also targeting freelance contracts in wealthier countries, including North America and Europe, and in many cases present themselves as South Korean, Japanese or even US-based teleworkers, the US alert said.

According to the Mandiant researchers, by gathering information from crypto companies, North Koreans can gather information about upcoming cryptocurrency trends. Such data — on topics like virtual currency Ethereum, non-fungible tokens and potential security vulnerabilities — could give the North Korean government an edge on how to launder cryptocurrencies in ways that help Pyongyang avoid sanctions, said Joe Dobson, a senior analyst at client.

“It boils down to insider threats,” he said. “When someone gets hired on a crypto project and becomes a core developer, they can impact things, forever or not.”

The North Korean government has consistently denied involvement in any cyber-assisted theft.

Other suspected North Koreans have fabricated job qualifications, with some users claiming in job applications to have published a white paper on digital currency exchange Bibox, while another posed as a senior software developer at a consulting firm focused on blockchain technology.

Mandiant researchers said they have identified several suspected North Korean figures on jobs that have been successfully hired as freelancers. They declined to name the employers.

“These are North Koreans trying to get hired and to get to a place where they can funnel money back to the regime,” said Michael Barnhart, a senior analyst at Mandiant.

Additionally, according to Mandiant researchers, North Korean users who claim to have coding skills have asked questions about broader trends in the cryptocurrency world on the GitHub Inc. coding site, where software developers publicly discuss their findings.

North Korean IT workers “are targeting freelance contracts from employers in wealthier countries,” according to the 16-page US guide released in May. In many cases, according to the US report, the North Korean workers present themselves as South Korean, Chinese, Japanese or Eastern European and US-based telecommuters.

In April, Jonathan Wu, an executive at Aztec network, a blockchain company, described the experience of interviewing a potential North Korean hacker as “a little jarring.” “Frightening, hilarious and a reminder to be paranoid and triple check your OpSec practices,” he wrote, in a Twitter thread. Neither Wu nor the company responded to messages asking for comment.

In a related tactic, according to Alphabet Inc. Google, suspected North Korean hackers replicated and used Indeed.com to collect information about website visitors. By setting up websites that appear legit, spies can trick job seekers into sending their resumes, starting a conversation that could allow hackers to break into their computers or steal their information, according to Ryan Kalember, executive vice president the email security company Proofpoint Inc.

Other fake domains created by suspected North Korean operators posed as ZipRecruiter, a Disney careers site, and a website called Variety Jobs, according to Google.

“We see a flood of it every day,” Kalember said. “Their ability to find convincing cover companies is getting better and better.”

In February, security firm Qualys Inc. said it discovered a phishing campaign targeting job applicants by the so-called Lazarus Group, a name the US government sometimes uses to describe Pyongyang-backed hackers , relating to positions at Lockheed Martin Corp. had applied.

The hackers sent individual messages that appeared to be from Lockheed Martin using email attachments that appeared to contain company information but actually contained malicious software. The ruse followed similar efforts where the attackers identified themselves as BAE Systems Plc and Northrop Grumman Corp., according to Qualys. expenditure.

“When you look at the job postings, they appeal to people’s egos and desire for money,” said Adam Meyers, senior vice president of intelligence at CrowdStrike Holdings Inc. “They are capitalizing on it, but the fake job postings are an opening move for their broader cyberattacks and espionage.”

North Korea’s focus on stealing cryptocurrency comes after the country’s hackers spent years stealing money from the global financial system, researchers at Mandiant said. After an infamous 2016 Bangladesh Bank raid in which the US accused North Korean thieves of attempting to steal nearly $1 billion, global banks added safeguards to stop such breaches.

“The market has changed in that banks are safer, and cryptocurrency is a whole new market,” Dobson said. “We’ve seen them attack end users, crypto exchanges and now the crypto bridges.”

Photo: North Korean flag made from human pixels holding up colored panels in Pyongyang, North Korea. Credit: Eric Lafforgue/Art in All of Us/Corbis News/Getty Images.

Copyright 2022 Bloomberg.

Leave a Comment