September 27, 2023

North Korean hackers steal LinkedIn resumes for job search in the crypto industry

Article reading time:
2 minutes.

North Korean hackers steal LinkedIn resumes for job search in the crypto industry

According to the latest Bloomberg report andsecurity researchers at Mandiant, North Korean government-sponsored hackers are now paying more attention to a new method of stealing funds from the digital currency market.

Instead of hacking the vulnerablecrypto-exchanges and other projects such as Harmony are now members of the Lazarus Group posing as IT professionals - attackers steal users' resumes on LinkedIn.

Mandiant analyst Joe DobsonDobson says that the stolen resumes are subsequently edited and sent to companies hiring blockchain developers in the hope of obtaining insider information and creating backdoors that will allow these platforms to be used later.

Resumes are mostly plagiarism,however, some of them also contain outright false information. So, some include supposedly official documents of cryptocurrency exchanges that never existed, as well as vague job descriptions that probably also never existed in the companies from which the hacker appears to be from.

Mandiant has identified several companies thathired supposedly fake applicants from the Lazarus Group, but did not release the information. Apparently, the company will transfer data directly to the companies at risk.

The report indicates that mostborrowed or fake resumes mention the skills of Chinese and Russian specialists, while a smaller number of resumes are copied from developers from Africa and Southeast Asia. These resumes are then used to create several fake job applicant profiles, many of which use almost the same language to describe their skillset.

In mid-July, former CIA agent Soo Kim said that North Korea would continue cyberattacks on cryptocurrency companies as the North Korean regime faces severe food shortages.