North Korean fraudsters have been linked to several instances of falsified job applications in an attempt to secure information surrounding the cryptocurrency industry for the benefit of the Pyongyang government. These criminals are plagiarizing occupational characteristics from online employment websites, most prominent among them being LinkedIn and Indeed, then posing as experts to be hired at specific cryptocurrency companies to garner a leg up for the government in avoiding sanctions.
According to Mandiant principal analyst Joe Dobson, via Bloomberg, North Koreans are accumulating a wide swath of internal info on Ethereum, its security parameters, and even NFT protocols. Mandiant, a cybersecurity company, claims that the fraudsters are attempting to keep up to date with revolving crypto trends, cementing themselves into various firms as both freelance and senior positions to gather intelligence on upcoming security updates and volatile price swings.
"It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or bad," explains Dobson.
Related Article: North Korea-based Lazarus Hackers Pretend as Lockheed Martin Offering Employment For Job Seekers
Dobson points out specific instances of supposedly fraudulent North Korean job applications that feature copied text from other users' profiles, like one wherein the applicant falsely claims to be an "innovative and strategic thinking professional" as an experienced software developer. Other examples include applications featuring purportedly published works, like the white paper for Bibox digital currency, or high profile qualifications, like previous work as a senior blockchain software developer.
North Korean hackers have even gone so far as to mirror Indeed.com, as well as other similar sites, to fool unknowing job seekers into filling out resumes that will then be utilized for nefarious purposes. Said hackers are leveraging fake domains to impersonate specific employment listing websites, like ZipRecuirter, Variety Jobs, and more, drawing in resumes to post as their own.
North Korean officials have remained tight-lipped on the matter, denying any involvement in suspected cybercriminal activity. The country has been a major player in sophisticated IT fraud, cyber attacks, and sanction skirting via shady methods. Only mere days prior, North Korea was found to be funding its missile program largely via stolen profits through cyberattacks.
Mandiat's information coincides with a recent report published by the US government highlighting that North Korean IT professionals were attempting to find freelance work around the globe utilizing non-North Korean backgrounds. The published report, which debuted in May, cites specific applications where fraudsters are claiming to be knowledgeable in complex mobile app development protocols, virtual currency exchange technologies, and even video game development.
Both Mandiat's evidence and the US government's own fears have been outright answered now that Kim Jong-un has declared North Korea "ready to mobilize" nuclear weapons against its Southern brethren.