How North Korea Infiltrated Crypto Using LinkedIn Resumes

Per a Bloomberg report, North Korean-backed hackers might be stepping up their efforts and attack vectors against the crypto industry. Bad actors seem to be stealing resumes and information from major job listings websites to apply for jobs in the nascent sector.

The report claims that attackers are taking legitimate data from LinkedIn and other major websites to create fake profiles as software engineers, developers, or software with vast experience working in IT. In that way, they can infiltrate crypto companies or projects.

Operation Dream Job And AppleJeus Job Targets Crypto Industry

These attempts are part of two different operations allegedly sponsored by North Korea. Called AppleJeus and Operation Dream Job, according to a report released by cyber security firm Mandiant and Google.

In a report posted on March 2022, Google’s Threat Analysis Group detailed these operations as an ongoing attempt to target organizations, countries, news media, and companies to infiltrate them and attack them from the inside.

The report claims over 250 individuals have been negatively affected by Operation Dream Job and almost 100 crypto users from Operation AppleJeus. Attackers have been able to steal or compromised domains such as blockchainnews, disneycareers, find-dreamjob, and others.

The attackers use different strategies to exploit their victims and seem to be refining their approach. Joe Dobson, a Principal Analyst at Mandiant, said the following about these operations to infiltrate the crypto industry and how they can be useful to the North Korean regime:

It comes down to insider threats. If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.

Is North Korea Manipulating The Crypto Market?

According to Bloomberg, the bad actors could be trying to operate from inside these organizations to control and exercise more influence over upcoming trends. In that way, the attackers could position themselves before retail investors and institutions and benefit from the surge in the price of digital assets.

The North Korean hackers have been allegedly interacting with members of the space on GitHub and even seeking jobs at high-profile companies by impersonating Whitepaper authors and founders. Michael Barnhart, another Principal Analyst at Mandiant, added:

These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime.

Back in April 2022, Jonathan Wu, an executive at Aztec Network, a Web3 project focused on privacy shared his experience interviewing a potential North Korean hacker for a position. Wu was aware of the surge of cyber attacks against the industry, and together with other signs, he was able to identify the suspect.

On Twitter, Wu said the following about his experience:

No bullshit I think I just interviewed a North Korean hacker. Terrifying, hilarious, and a reminder to be paranoid and triple-check your OpSec practices.

Wu also believes these attackers will improve their modus operandi in the future. Thus, why companies and users must keep a vigilant eye on the new threats emerging in the space.

At the time of writing, Ethereum (ETH) trades at $1,630 with sideways movement in the past 24 hours.

ETH’s price moves sideways on the 4-hour chart. Source: ETHUSDT Tradingview