North Korean hackers steal LinkedIn resumes for job search in the crypto industry

North Korean government-sponsored hackers are now paying more attention to a new method of stealing funds from the digital currency market, according to the latest report from Bloomberg and security researchers at Mandiant.

Instead of hacking vulnerable crypto exchanges and other projects like Harmony, members of the Lazarus Group are now posing as IT professionals – attackers steal users’ LinkedIn resumes.

Mandiant analyst Joe Dobson says the stolen resumes are subsequently edited and sent to companies hiring blockchain developers in the hope of gaining insider information and creating backdoors that will allow the platforms to be used later.

Resumes are mostly plagiarism, but some of them also contain outright false information. So, some include supposedly official documents of cryptocurrency exchanges that never existed, as well as vague job descriptions that probably also never existed in the companies from which the hacker appears to be from.

Mandiant identified several companies that hired supposedly fake applicants from the Lazarus Group, but did not release the information. Apparently, the company will transfer data directly to the companies at risk.

The report indicates that the majority of borrowed or fake resumes mention the skills of Chinese and Russian specialists, while a smaller number of resumes are copied from developers from Africa and Southeast Asia. These resumes are then used to create several fake job applicant profiles, many of which use almost the same language to describe their skillset.

In mid-July, former CIA agent Soo Kim said that North Korea would continue cyberattacks on cryptocurrency companies as the North Korean regime faces severe food shortages.