North Korean Hackers created Fake Job Offers to steal Cryptocurrency: Read how? -

Post Views: 316

“Now hackers have come up with a new idea to steal cryptocurrency using fake job offers.”

According to fresh research, raw data, and interviews, North Korean hackers are flooding the cryptocurrency business with employment offers that appear legitimate as part of their campaign to steal digital currency.

The issue has become so widespread that job seekers now routinely check recruiters for indications that they may be working for Pyongyang. According to 25 victims, experts, and business leaders contacted by Reuters, the issue is widespread.

Carlos Yanez, BDE, Global Ledger, blockchain analytics firm, Switzerland

According to data provided by cybersecurity firms SentinelOne and Validin, who are publishing a report about the cyber campaign, Carlos Yanez, a business development executive at the Switzerland-based blockchain analytics firm Global Ledger, said, “It happens to me all the time and I’m sure it happens to everybody in this space.” Yanez was one of the people recently targeted by the thieves.

Yanez claimed that although he was not hacked, North Korean masquerades had become better during the previous 12 months. He remarked, “It’s frightening how far they’ve come.”

Chainalysis, Blockchain Intelligence Firm

According to blockchain intelligence firm Chainalysis, North Korean hackers were thought to have stolen at least $1.34 billion worth of cryptocurrencies last year; however, there is no publicly published estimate of the amount of money taken through this approach alone.

Pyongyang allegedly uses the thefts to fund its sanctioned weapons program, according to accusations made by U.S. and U.N. monitors. There have long been claims that Pyongyang uses complex fraud to target the blockchain community.

According to a public warning released by the FBI late last year, North Korea was “aggressively” targeting the bitcoin industry with “complex and elaborate” social engineering methods.

However, Reuters’ story offers previously unreported specifics of how they deceive their targets, along with a thorough analysis of their strategies, which seven targets confirmed with screenshots of their talks with the hackers.

Initially, a recruiter might send a pitch for a blockchain-related position via Telegram or LinkedIn.

Bitwise Asset Management

In a January 20 LinkedIn message to Victoria Perepel, a recruiter posing as Bitwise Asset Management stated, “We are currently expanding our team.” “We are especially seeking people who have a strong interest in cryptocurrency markets.”

The recruiter would invite potential candidates to visit a mysterious website to complete a skills test and make a video after a quick back-and-forth over the alleged job and pay. Several targets started to show signs of suspicion at this point.

Why not just conduct a live interview via a more well-known video platform, such as Zoom or Google Meet? When Wieslaw Slizewski, posing as a technical recruiter from the online trading site Robinhood, approached machine learning entrepreneur Olof Haglund on January 21, he objected.

Slizewski insisted that Haglund download the code to record the video, and he wouldn’t back down.

Slizewski, LinkedIn Message

In a LinkedIn reply, Slizewski stated, “We have a systematic hiring process, and the video assessment is an essential component of our evaluation to ensure consistency and fairness for all candidates.”

Others did not end the interview, but Haglund did. Speaking on condition of anonymity to avoid being identified as a job applicant, a product manager for a U.S. cryptocurrency company claimed to have shot the video and forwarded it to a person posing as a recruiter for the cryptocurrency startup Ripple Labs.

He wasn’t aware he had been duped until that evening, when he discovered that $1,000 worth of ether and Solana were gone from the digital wallet he stored on his computer. The alleged Ripple recruiter’s LinkedIn profile was already deleted when he searched for it.

In another instance, consultant Ben Humbert was discussing a project management position on LinkedIn with Mirela Tafili, a recruiter posing as representing the cryptocurrency exchange Kraken.

To “speed up the process” and forward Humbert to the next phase, Tafili invited him to conduct a “brief virtual interview” and sent him a link.

Humbert claimed that he ended the conversation because he was suspicious.

Messages asking for comment were not answered by Bitwise or Ripple. In a statement, Robinhood claimed to have taken measures to deactivate web domains associated with the scam after becoming “aware of a campaign earlier this year that attempted to impersonate several crypto companies, including Robinhood.”

In a statement, LinkedIn said that the fraudulent recruiter accounts that Reuters had discovered had been “previously actioned.”

Telegram claimed that scammers were eliminated wherever they were discovered. Reuters was unable to get in touch with the hackers.

The thefts are attributed by SentinelOne and Validin to a North Korean operation that was previously known as “Contagious Interview” and was recently discovered by cybersecurity firm Palo Alto Networks.

Based on a number of criteria, including the usage of Internet Protocol addresses and emails connected to prior North Korean hacking activity, the researchers who were monitoring the campaign came to the conclusion that the North Koreans were responsible.

In the course of their study, the researchers discovered log files that the hackers had unintentionally made public. These data included the email addresses and IP addresses of over 230 individuals who were targeted between January and March, including coders, influencers, accountants, consultants, CEOs, marketers, and more.

All of the targets were notified of the malicious behavior by Reuters. All 19 of the people who spoke to the news agency acknowledged that they were being targeted at that time. According to one of the companies, the hackers impersonated, this is common in the cryptocurrency industry.

Percoco, the Kraken executive

Kraken’s chief security officer, Nick Percoco, stated, “Something happens every day.”

According to Kraken executive Percoco, the company began receiving reports of recruiting fraud in late last year, and they continued to do so in March, April, and May.

According to Percoco, the organization employs systems to look for fraudulent accounts that pretend to be recruiters, but it also receives reports from outsiders who contact them to say, “Hey, I was interviewing for a job with you guys, and then it turned real scammy.”

He claimed that businesses found it challenging to monitor the imposter.

“Anyone can claim to be a recruiter,” he remarked.

Messages asking for comment on Reuters’ findings were not answered by North Korea’s UN mission. Pyongyang consistently disputes committing cryptocurrency thefts.

Aleksandar Milenkoski, Senior Researcher, SentinelOne

According to Aleksandar Milenkoski, a senior researcher with SentinelOne and one of the report’s coauthors, the targets Reuters identified were only “a tiny, tiny fraction” of Contagious Interview’s potential victims, which in turn represents a subset of North Korea’s overall cryptocurrency-stealing efforts.

He described them as “like a typical scam group.” “They pursue breadth.”

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”

Windows Servers are Taken Over by a “SEO Fraud-As-A-Service” Scam to Advertise Gambling Websites