North Korean Hackers Copypaste LinkedIn Resumes to Get Jobs at Cryptocurrency Companies

According to a report by Bloomberg, the cybercriminals hide their North Korean origin and pose as South Koreans, Japanese, Africans or Southeast Asians. They use stolen information to pose as possessing technological skills required for a job in blockchain and cryptocurrency. For example, many of them pretend to be senior developers, app designers, etc.

They actively research current trends on GitHub and other similar platforms. This gives them the opportunity to determine what skills are most wanted and adjust their resumes according to the current demand.

Earning or spying?

So far, the reasons for such actions are still quite unclear. On the one hand, North Koreans could simply be seeking better career opportunities in wealthier countries. On the other hand, it could be a government initiative to launder money and circumvent international sanctions.

North Korea is known to support cyberattacks and training of hackers. One of the most well-known groups to come out of the country is the Lazarus Group. It is suspected of carrying out numerous cyber crimes, including the infamous hack of the Cryptopia exchange (although the allegations were never confirmed). As CoinIdol, a world blockchain news outlet, reported, they even used the Telegram messaging app to steal cryptocurrencies. 

They were previously exposed in February 2022 when they used phishing malware to target job applicants at Lockheed Martin Corp, as Qualys Inc. reported. Now the group may simply be expanding its efforts to a larger number of employees. However, it is unclear how many of those applicants actually received jobs. It remains to be seen whether these employees will actually harm their employers over time.