Researchers have revealed that North Korean hackers are now creating a fake job application platform to screen applicants for major U.S. artificial intelligence and cryptocurrency companies. Hackers have been doing this for years, but researchers claim they have added a new twist to their operation.
North Korean hackers are now seeking long-term access to applicants’ computers before joining a company, rather than simply impersonating a company’s employees, according to security firm Balidin, which revealed a new development in the activity.
In an operation Validin researchers call “contagious interviews,” North Korean hackers are now targeting individuals to steal Kim Jong Un’s regime know-how and use fake recruitment platforms.
North Korean hackers target applicants
Balidin CEO Kenneth Kinyon said in an interview with CNN that tracking job applicants is expected to be an advantage for North Korean actors. Rather than trying to circumvent the employer’s defenses, they now take over the entire hiring process and make the individual seeking employment feel that it is completely legal. This way, applicants assume they have taken a standard coding test or followed the steps required for the job opportunity.
Kinion pointed out that if job seekers believe that everything being asked of them is legitimate, they’re much more likely to open a file sent to them for an interview. Specifically, candidates are directed to fake job postings, encouraged to record video responses, and prompted to use helper tools to repair their webcams. Although these steps seem easy and simple, they are steps hackers use to deliver malware directly to a target’s system.
The fake platform hosted on lenvnydotcom mimics the style of Lever, a popular headhunting website with tens of thousands of users.
Validin described the illegal recruitment platform as a “campaign designed to socially engineer and compromise people seeking employment in a variety of roles, including software developers, AI researchers, crypto experts, and other technical and non-technical job seekers, while imitating major brands in these fields.”
Among the fictitious jobs North Korean hackers are advertising on their websites is “product manager”, which is related to Claude, an AI chatbot developed by artificial intelligence company Anthropic. Validin noted that confirmed victims of this scheme are extremely difficult to identify because many candidates refuse to disclose or lie to their current employers that they are applying for positions elsewhere, and are therefore less likely to report any suspicious activity they spot.
North Korean officials step up attacks
In recent years, North Korean criminals have used false identities and in some cases passed interviews to infiltrate American companies, particularly those in the IT sector. The bad guys then repatriate the funds from their ruthless operations to support the regime’s illicit weapons programs.
The U.S. Department of Justice announced last week that five people have pleaded guilty to assisting North Korean hackers.
These people are accused of helping hackers obtain remote IT jobs with US companies to commit fraud. In all, the scheme affected more than 136 companies and generated more than $2.2 million in illicit funds that were transferred to the Kim Jong Un regime.
Additionally, the identities of more than 18 Americans were compromised, and the activity spanned multiple industries, the report said.
Audricus Fagnasay, 24, Jason Salazar, 30, and Alexander Paul Travis, 34, were also among those arrested. They all pleaded guilty to one count of wire fraud conspiracy. The court said they provided their identities to outside IT employees to help them obtain employment with U.S. companies. They also hosted work laptops at home and installed remote access software on them without permission, making it appear as if the IT workers were working remotely from home.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
