North Koreans plagiarize online resumes from legitimate LinkedIn and Indeed profiles to get jobs at US cryptocurrency companies. Bloomberg writes about it, citing security researchers from Mandiant Inc.

As a rule, North Koreans attribute to themselves specialization in the technology industry and experience in software development. They actively communicate on the GitHub profile site and learn about the latest trends in the field of cryptocurrencies.

Mandiant researchers reported on surveys from DPRK residents, where they published the whitepaper of the Bibox digital currency or posed as a senior software developer at a consulting firm specializing in blockchain technology.

Experts have identified several suspected North Koreans who have been successfully hired as freelancers at construction sites. They refused to give the names of the employers.

According to Mandiant, North Koreans are trying to find jobs remotely at cryptocurrency companies, pretending to be from other countries, to be able to earn or launder money for the sanctioned government.

The DPRK government denies involvement in any cybersecurity theft.

In April, Jonathan Wu, CEO of blockchain company Aztec Network, revealed that he was “a little overwhelmed” by the experience of interviewing a potential North Korean hacker.

“It reminds you to be scary, funny, and paranoid, and triple-check your methods. opsek”, – Wrote it is Twitter.

According to Google Alphabet Inc., techniques used by suspected North Korean hackers include launching the fake site Indeed.com to gather information about their visitors. This is why attackers trick applicants into submitting resumes in order to gain further access to their computers or steal data.

According to Google, the hackers also forged ZipRecruiter domains, the Disney job page, and the Variety Jobs website.

In February, cybersecurity firm Qualys Inc. He said North Korean Lazarus Group discovered a phishing campaign targeting job seekers at Lockheed Martin Corp.

The hackers sent messages claiming to be Lockheed Martin and attaching the malware as an attachment. Similarly, attackers BAE Systems Plc and Northrop Grumman Corp.

According to Mandiant researchers, North Korea has focused on stealing cryptocurrencies after years of attacks on the global financial system.

“The market has changed, banks have become more secure, and cryptocurrency is a whole new field. “We’ve seen them target end users, crypto exchanges and now crypto bridges,” analysts said.

Evidence uncovered by Mandiant supports claims made by the US government in May.

Recall that then the Ministry of Finance, the State Department and the FBI issued a warning document about the activities of North Korean IT specialists freelancing in various technologies, including cryptocurrency projects.

According to US authorities, the DPRK generates income through such employees that it directs to finance its weapons programs.

Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.