Fireblocks, a digital asset infrastructure company, announced that it has thwarted a North Korea-related recruitment scam targeting digital assets.
Fireblocks said hackers used fake job interviews to compromise developers and gain access to its crypto infrastructure.
The company said hackers were able to impersonate recruiters and conduct fraudulent activities that closely resembled the legitimate Fireblocks hiring process, with a Google interview and take-home assignments shared via GitHub.
“What they’re basically doing is weaponizing a legitimate interview to create a very legitimate and authentic interaction with the candidate,” Fireblocks CEO Michael Shaulov told CNBC.
If the candidate performed a routine installation, it could actually install malware and expose wallets, keys, and production systems.
Shaulov said the group targets engineers based on their LinkedIn profiles and is looking for people with “privileged access.”
He said the company has seen more than a dozen fake profiles that continually change their company’s brand and believes the scam has been active for several years.
“We were able to basically interact with the hackers and basically collect what we call ‘indications of compromise,’ which are essentially like fingerprints of the tools, weapons, malware that they were using in that campaign,” Shaulov said.
Fireblocks worked with LinkedIn and law enforcement to remove the profiles, he added.
“More than 99% of the fake accounts we remove are proactively detected before anyone reports them,” a LinkedIn spokesperson said in a statement.
The professional social media platform said it continues to invest in technology to detect “toxic behavior” and has put in place guardrail steps such as in-message warnings when chats leave LinkedIn and verification badges for recruiters.
Last year, Bybit experienced the largest cryptocurrency heist in history when hackers stole $1.5 billion in digital assets from the cryptocurrency exchange.
Analysts at blockchain analysis firm Elliptic linked the attack to North Korea’s Lazarus Group, a notorious state-sponsored hacker group that has siphoned billions of dollars from the cryptocurrency industry.
Lazarus Group’s history of targeting crypto platforms dates back to 2017, when the group infiltrated four exchanges in South Korea and stole $200 million worth of Bitcoin.
Shaulov, who helped investigate the 2017 Lazarus Group attack on cryptocurrency platforms, said hackers, especially those associated with North Korea, are evolving at “the speed of light.”
In 2017 and 2018, he said, it was “actually very easy” to identify grammatical and typographical errors. But now, “it looks like they graduated from Oxford.”
“It’s clear that AI is making attackers more sophisticated and much harder to detect,” Shaulov said.
