North Korean hackers have taken to flooding the crypto job market with fake resumes. Following the age-long ban placed on them on the North Korean regime, local authorities have made headlines countless times for unusual and often illegal ways to gather funds.
They hack regular banks and farm currencies via botting; they have outrightly devised several ways to threaten the nation’s financial security.
In recent years, the North Korean regime has settled on the crypto market, with several attacks on crypto exchanges by the Lazarus Group and others. However, a recent report indicates that North Korean government-sponsored hackers are now putting more focus on another method of fundraising via the crypto market.
They are having members pose as IT professionals on LinkedIn and posing the resumes of legitimate users as theirs.
According to Joe Dobson, an analyst at Mendiant, the resumes are edited and sent to companies hiring blockchain developers to be privy to primary information and create loopholes that would allow the platforms in question to be exploited at their time.
“It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
While most resumes are plagiarized, some include false information such as whitepapers for exchanges that seem to have never existed, intentionally vague job descriptions, etc. Mandiant has identified several companies that hired allegedly fake jobseekers from the Lazarus Group but has refrained from publishing the information.
However, Twitter sees stories from interviewers reportedly targeted by Lazarus’s latest project popping up.
The report indicates that most of the resumes cite the skills of Chinese and Russian individuals, with a smaller number of CVs being copied from devs in Africa and Southeast Asia.
These resumes are then used to create multiple fake jobseeker profiles, many using nearly identical language to describe their skill set, and most resumes identified applied for positions in the US and Europe.
The report warns recruiters to stay observant when screening applicants.