Hacker working with laptop at table. Flag of North Korea

North Korean hackers plagiarizing LinkedIn and Indeed resumes to seek jobs at digital assets firms: report

A new study carried out by cyber threat defense solutions provider Mandiant Inc. has found that North Korean hackers have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed in an elaborate jobs scam targeted at digital asset firms.

Mandiant found that the objective of the hackers is to gather intelligence about these firms’ upcoming trends and gain access to their internal operations, according to a Bloomberg report.

The hackers reportedly plagiarize details they find on legitimate profiles on LinkedIn and Indeed. Under pretenses of being from other countries, the alleged hackers have also often successfully landed jobs in several U.S. digital assets firms.

Mandiant principal analyst Joe Dobson commented that this increases the possibility of an insider threat. He added that North Korean hackers had shifted their focus from bank heists to the relatively new digital assets market.

“It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not,” Dobson said.

Michael Barnhart, another Mandiant principal analyst, added that the evidence points to the hackers acting on behalf of the North Korean government.

“These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime,” Barnhart chimed in.

North Korean hackers’ notoriety is not new

Mandiant’s findings corroborate the warning made by the U.S. Departments of Treasury, Justice, and State in a joint statement earlier this year. The departments highlighted that North Korean IT workers are trying to obtain freelance employment abroad while posing as South Korean, Japanese, Eastern European, and U.S.-based remote workers.

The warning added that North Korean hackers are also present on the open-source code-sharing platform GitHub. They leverage the public discussion held on the platform to gather intelligence on the digital assets market and software.

In 2022, the U.S. Treasury Department and blockchain security firm Elliptic linked both the Axie Infinity Ronin Bridge and Horizon bridge hacks, respectively, to the Lazarus Group, a notorious North Korean hacker gang.

Previously, the U.N. reported that the North Korean government was sponsoring these hackers to fund its nuclear program. It launders the hacked digital assets loot to evade sanctions placed on it, the U.N. noted.

Watch: The BSV Global Blockchain Convention presentation, Blockchain for Data Integrity & Business Process Management

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.