Bloomberg: North Koreans plagiarise LinkedIn résumés to earn bitcoins

North Koreans are plagiarising online résumés from legitimate LinkedIn and Indeed profiles to obtain jobs in U.S. cryptocurrency companies. reports, citing security researchers from Mandiant Inc.

Typically, North Koreans attribute specialisation in the technology sector and experience in software development. They actively engage on GitHub, learning about the latest trends in the crypto sphere.

Researchers from Mandiant reported CVs from North Korean residents in which they published a white paper for the digital currency Bibox or presented themselves as senior software developers at a blockchain-focused consulting firm.

Experts identified on employment sites several suspected North Koreans who were hired as contractors. They declined to name employers.

Pretending to be from other countries, North Korean residents seek remote work in crypto firms to earn money or launder funds for the sanctioned government, say Mandiant.

The North Korean government denies involvement in any cyber theft.

In April, Aztec Network CEO Jonathan Wu described being “a little shocked” by his interview experience with a potential North Korean hacker.

“It’s scary, funny, and a reminder that you have to be paranoid and triple-check your methods OpSec,” he wrote on Twitter.

Among the techniques employed by suspected North Korean hackers is the launch of a fake Indeed.com site to harvest information about its visitors, Google Alphabet Inc. reports. The attackers manipulate job seekers into submitting résumés, to later hack their computers or steal data.

Google data show hackers also spoofed domains such as ZipRecruiter, Disney’s job page, and Variety Jobs.

In February, the security firm Qualys Inc. said it uncovered a phishing campaign in which the North Korean Lazarus Group targeted job candidates at Lockheed Martin Corp.

Hackers sent messages purportedly from Lockheed Martin, attaching malware. In a similar fashion, they impersonated BAE Systems Plc and Northrop Grumman Corp.

According to Mandiant, North Korea has focused on stealing cryptocurrency after years of attacks on the global financial system.

“The market has changed, banks are safer, and cryptocurrency is a completely new frontier. We’ve seen them pursue end users, crypto exchanges, and now crypto bridges,” said the analysts.

The evidence uncovered by Mandiant supports the accusations made by the U.S. government in May.

As noted, the Treasury, the State Department and the FBI issued a warning document about North Korean IT specialists taking freelance roles in various tech, including cryptocurrency projects.

U.S. authorities say North Korea earns income through such staff, which it directs toward financing weapons programmes.

Read ForkLog’s Bitcoin news in our Telegram — crypto news, prices and analysis.