North Korean hackers steal LinkedIn resumes for job search in the crypto industry

Article Reading Time:
2 minutes.

According to the latest Bloomberg reportand security researchers at Mandiant, North Korean government-sponsored hackers are now paying more attention to a new method of stealing funds from the digital currency market.

Instead of hacking vulnerablecrypto exchanges and other projects such as Harmony, members of the Lazarus Group are now impersonating IT specialists - attackers are stealing users' resumes on LinkedIn.

One of the Mandiant analysts Joe DobsonJoe Dobson says the stolen resumes are then edited and sent to companies hiring blockchain developers in hopes of gaining inside information and creating backdoors that will allow those platforms to be used later.

The resumes are mostly plagiarized,however, some of them also contain outright false information. Some include supposedly official documents from cryptocurrency exchanges that never existed, as well as vague job descriptions that likely never existed at the companies the hacker claims to be from.

Mandiant has identified several companies thathired supposedly fake applicants from the Lazarus Group, but did not publish the information. Apparently, the company will transfer the data directly to the affected firms.

The report indicates that mostBorrowed or fake CVs mention the skills of Chinese and Russian specialists, with a smaller number of CVs copied from developers in Africa and Southeast Asia. These CVs are then used to create several fake profiles of applicants, many of which use almost the same language to describe the recruitment skills.

In mid-July, former CIA agent Soo KimKim said North Korea will continue cyberattacks on cryptocurrency companies as the North Korean regime faces serious food shortages.