The incident began as a regular procedure for hiring and interviewing a potential employee for a vacant position. However, already during the first call with the Kraken recruiter, the unknown joined the chat under a different name than indicated in the resume, and quickly returned back during the conversation. It seemed suspicious to the Kraken recruiter that the candidate talking to him from time to time interrupted the conversation and changed his voice – that is, he could advise him during the interview in real time or answered questions instead of him.
The Kraken Security Service decided not only to reject the suspicious candidate, but to conduct an intelligence collection operation to study the tactics and better understand the methods used to penetrate the crypto company.
The Kraken Red Team security team using OSINT data collection methods (OSINT) found that the applicant used a network of fake personalities to submit applications to various companies, including other cryptocurrency firms. Some of these personalities were already hired by other organizations, and one was even listed in the sanctions list as a “foreign agent”. Among the received data was a list of email addresses related to an unnamed hacker group, and one of them coincided with the address used by the applicant for submitting a resume to the position of an engineer.
Technical inconsistencies also aroused suspicions, as the candidate used the remote Mac desktop through the VPN and provided fake identity documents.
The Kraken team conducted a final interview with the participation of Nick Percoco Security Director. During the conversation, the applicant was asked unexpected questions for verification, for example, they asked to show the identity card, name the city of residence and recommend local restaurants. Under pressure, the candidate began to get confused, his voice changed, and the answers became unconvincing.
These signs, coupled with the previously collected data, allowed Kraken to finally make sure that they have not a real applicant, but a potential attacker.
Earlier, a group of hackers Crazy Evil was seen in the theft of cryptocurrencies for job applicants. The criminals created the fake site Chainseeker.io and published on behalf of the non -existent company Vacancies “Analyst Blockchain” and “Social Networks Manager” on Linkedin, Wellfound and Cryptojobslist.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
