North Korean citizens are stealing online resumes and information to get remote jobs at cryptocurrency firms in the United States (US) and other western countries.
According to cybersecurity firm Mandiant, this is done to aid illicit money-raising efforts for the North Korean government.
In a report, Mandiant revealed that these fraudsters target freelance contracts in wealthier nations and present themselves as South Korean, Japanese, or even US-based teleworkers.
One applicant wrote that he is an innovative and strategic thinking professional” in the tech industry and an experienced software developer. “The world will see the great result from my hands,” the job seeker added in a cover letter.
The catch? Nearly identical language was found in another user’s profile.
The evidence detected by Mandiant reinforces the advisory released by the US government last May about fraudsters trying to obtain freelance employment abroad.
Mandiant researchers said that by collecting information from crypto companies, North Koreans can gather intelligence about upcoming cryptocurrency trends.
Such data, said Mandiant principal analyst Joe Dobson, could give the North Korean government an edge in how to launder cryptocurrency in a way that helps Pyongyang avoid sanctions.
“It comes down to insider threats,” he stated. “If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
The report disclosed that North Korea’s obsession with cryptocurrency data came after the country’s hackers spent years stealing money from the global financial system.
“The market has changed where banks are more secure, and cryptocurrency is a totally new market,” Dobson explained. “We’ve seen them go after end-users, crypto exchanges, and now the crypto bridges.”
The North Korean government consistently denied involvement in any cyber-enabled theft.