After a warning in May, cyber security researchers reported North Koreans are trying to work for cryptocurrency companies by stealing online resumes and pretending to be from other countries.
What’s the fraud?
Authentic LinkedIn and Indeed accounts are abused by fraudsters for stealing resume data to land jobs at bitcoin businesses in the US, according to Mandiant Inc. security researchers.
Read about our research on North Korean actors pretending to be software developers from other countries as part of an effort to raise money for the regime from #cryptocurrency companies. https://t.co/wcaDkas8Lj via @business
— Mandiant (@Mandiant) August 1, 2022
As Mandiant discovered on July 14, one job applicant claimed both to be a “software engineer with extensive experience” and an expert in strategic and creative thinking. In his cover letter, the applicant claimed that “my work will be seen by many.”
There was almost exactly the same language in another user’s profile. In May, the US government made claims based on information uncovered by Mandiant.
When did it all begin?
Hackers from North Korea spent years stealing money from the world’s banks before they started stealing Bitcoin. After North Korean criminals tried to steal close to $1 billion from Bangladesh Bank in 2016, global banks put in place precautions to prevent such intrusions.
It’s safer for banks now, and cryptocurrency is a new business. According to Dobson, the principal analyst at Mandiant, these attacks have targeted end users, cryptocurrency exchanges, and now crypto bridges.
What are the motives for these frauds?
North Korean IT professionals pretend to be someone else when searching for freelance work overseas in order to collect money for government weapons development programs.
US guidance states that IT workers have the skills needed to develop mobile apps, build virtual currency exchanges, and develop mobile games.
Earlier in May, the USA published a 16-page alert warning North Korean IT professionals freelancing for firms based in richer nations. According to US advice, the North Koreans often pose as South Koreans, Chinese, Japanese, or Eastern European teleworkers with US addresses.