BY DAYO ADESULU
Bloomberg and some security researchers have accused the government of North Korea of sponsoring hackers to exploit the cryptocurrency space in order to raise funds for the country.
This is coming in the backdrop of a longstanding embargo on the North Korean regime, leading to local authorities making headlines countless times for unusual – and often illegal – ways to gather funds.
They have, over the years, gone from hacking regular banks to farming in-game currencies via botting. The methods range from essentially harmless to downright threats to national security.
The Lazarus Group and some companies have been fingered by researchers as the syndicates the North Korean regime uses to defraud the crypto market. Bloomberg and security researchers at Mandiant indicate that North Korean government-sponsored hackers are now putting more focus on another method of fundraising via the crypto market.
Cryptopotato reports that instead of hacking vulnerable crypto exchanges and other projects such as Harmony, the Lazarus Group is now having members pose as IT professionals on LinkedIn and Indeed, appropriating the resumes of legitimate users.
According to Joe Dobson – one of the analysts at Mendiant – these are then edited and sent to companies hiring blockchain developers in the hopes of getting insider information and creating backdoors that would allow the platforms in question to be exploited at a later date.
“It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
Although the resumes are mostly plagiarized, some also include blatantly false information – such as whitepapers for exchanges that seem to have never existed, intentionally vague job descriptions, etc. Mandiant has identified several companies that hired allegedly fake jobseekers from the Lazarus Group but has refrained from publishing the information.
On Twitter, however, stories from interviewers allegedly targeted by Lazarus’s latest project have been popping up.
The report indicates that most of the appropriated resumes cite the skills of Chinese and Russian individuals, with a smaller number of CVs being copied from devs in Africa and Southeast Asia. These resumes are then used to create multiple fake jobseeker profiles, many using nearly identical language to describe their skillset.
A smaller group also claimed to be South Korean, Japanese, or US-based remote workers. In any case, almost all resumes identified applied for positions in the US and Europe.