Security researchers at Mandiant have found that North Korean cybercriminals are copying profiles on LinkedIn and Indeed to plagiarize resumes in order to land remote work at crypto firms, a Bloomberg report says.
The objective is to access these firms’ internal operations and gather intelligence about upcoming trends.
Mandiant also spotted the suspected hackers at the popular coding site GitHub.
This information is allegedly helping North Korean hackers to launder cryptocurrencies that can later be used by the Pyongyang regime to evade Western sanctions.
Mandiant said they had identified multiple North Koreans on employment websites that have successfully been hired as freelancers.
A joint release from U.S. government agencies in May indicated that North Korean “IT workers are located primarily in… China and Russia, with a smaller number in Africa and Southeast Asia,” and “often rely on their overseas contacts to obtain freelance jobs for them and to interface more directly with customers.”
The report specifically cited several target areas of the industry, including exchanges, decentralized finance (DeFi) protocols, venture capital funds, and individual holders of large amounts of crypto-related assets such as tokens or NFTs.
Analytics firm Elliptic also suggested that North Korean hackers were the most likely culprits in a $100 million hack of the Harmony Protocol in June.