Jimmy Su, Chief Security Officer at the crypto exchange Binance, is flooded every day with fake resumes that Binance believes are written by North Korean attackers, he told Decryption. In his view, North Korean nation-state actors are the only threat facing today’s crypto industry.
Su explained that North Korean attackers have been a problem throughout the exchange’s eight years, but that the hackers have recently raised their game on crypto.
“The biggest vector for the crypto industry right now is the national actor of DPRK (with) Lazarus, particularly DPRK,” Su told Decryption. “They have had a cryptography focus over the past two or three years and have been extremely successful in their efforts.” He added that “almost all the massive DPRK hacks” involve fake employees helping to facilitate the attack.
How North Korea attacks crypto exchanges
The Democratic People’s Republic of Korea, also known as the DPRK or North Korea, is home to the Lazarus Group, one of the world’s most prolific hacking groups. The group is believed to be responsible for the infamous $1.4 billion Bybit hack in March, according to the FBI. This is the biggest hack in the history of crypto.
Su said Binance is aware that North Korean attackers are trying to get hired at the company. The exchange says it discards resumes every day based on their tendency to use certain resume templates. The company was not willing to share details of these resume red flags with Decryption.
If a resume passes the initial vibe check, the company then needs to verify on video calls that the applicant is legitimate, something the rise of AI is only making more difficult.
“Our pursuits showed that the actor operatives (indicate) had resumes, primarily Japanese or Chinese surnames,” Su explained. “But now, AI and AI events allow them to fake it to look like any kind of developer. Recently, we’ve seen them as candidates in the Middle Eastern Europe.”
“The only real good detection is that they have a slow internet connection almost always,” he added. “What’s happening is that translations and voice changers are working during the call, which is why they’re always behind.”
There are other ways Binance can detect North Korean applicants, such as asking them to put their hands over their faces, which usually breaks deepfakes. But Binance doesn’t want to reveal all of its tricks, out of fear that the attackers may be reading this article.
Other employers are known to ask candidates to say negative things about North Korea’s supreme leader, Kim Jong Un.
Binance claims it has never hired a nation-state actor, but it cannot be entirely certain. As a result, it may even monitor current employees for suspicious behavior, as all financial institutions do to some extent.
Ironically, Su’s research shows that DPRK employees are usually among the top performers in a given role. That is probably because several people are doing the same job across multiple time zones, he explained. Binance therefore tracks when employees are working and what they produce.
If a worker appears never to sleep, it may be a sign that they are part of the infamous Lazarus Group.
How else is North Korea attacking?
There are two other attack vectors that North Korean state actors frequently use, Su said. One is poisoning public NPM libraries with malicious code, and the other sees the state actors making fake job offers to crypto employees.
A Node Package Manager (NPM) library, or package, is a collection of reusable code that developers often use. Malicious attackers can replicate these packages and insert a small piece of code that can have serious consequences while maintaining the original functionality. Once such a package is picked up, the malicious code becomes embedded ever deeper in the system as developers build on top of it, Su said.
To keep this from becoming an issue, Binance has to go through the code with a fine-tooth comb. Major crypto exchanges also share security intelligence in Telegram and Signal groups, which lets them flag poisoned libraries and new DPRK techniques to their peers.
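An added example, not Binance's tooling or code from the article: one way to narrow a manual dependency review is to flag lockfile entries that resolve outside the expected registry, lack a pinned integrity hash, or run an install script. The package names, the allowlist and the sample lockfile are constructed; `resolved`, `integrity` and `hasInstallScript` are fields of npm's `package-lock.json`.

```javascript
// Added example: triage an npm lockfile (lockfileVersion 2 or 3) for review.
// Package names, the non-registry URL and the allowlist are constructed.
const EXPECTED_REGISTRY = "https://registry.npmjs.org/";
const INSTALL_SCRIPT_ALLOWLIST = new Set(["example-native-addon"]); // assumption

function auditLockfile(lock, registry = EXPECTED_REGISTRY) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    // Skip the root project, local workspace packages, links and bundled deps.
    if (i === -1 || meta.link || meta.inBundle) continue;
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.slice(i + "node_modules/".length);
    const reasons = [];
    if (!meta.resolved || !meta.resolved.startsWith(registry)) {
      reasons.push("resolved outside expected registry");
    }
    if (!meta.integrity) reasons.push("no integrity hash pinned");
    if (meta.hasInstallScript && !INSTALL_SCRIPT_ALLOWLIST.has(name)) {
      reasons.push("runs an install script");
    }
    if (reasons.length) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-service", version: "1.0.0" },
    "node_modules/example-logger": { version: "2.1.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/example-logger/-/example-logger-2.1.0.tgz" },
    "node_modules/example-logger-utils": { version: "1.0.3", integrity: "sha512-CONSTRUCTED",
      resolved: "https://packages.example.test/example-logger-utils-1.0.3.tgz",
      hasInstallScript: true },
    "node_modules/example-native-addon": { version: "4.0.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/example-native-addon/-/example-native-addon-4.0.0.tgz",
      hasInstallScript: true },
    "node_modules/example-logger/node_modules/@example/fmt": { version: "0.9.1",
      resolved: "https://registry.npmjs.org/@example/fmt/-/fmt-0.9.1.tgz" },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Entries that come back flagged are the ones to read line by line first; a clean result does not mean a package is safe, only that it shows none of these three signals.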
“The DPRK Group will (and also) try to schedule calls with external employees,” Su told Decryption, “as a DeFi project or an investment company. In the worst case scenario, they simply recruit them for a high-level job and take part in the interview to pay twice or three times.”
In the fake interview, Su explained, the DPRK hackers will claim that the call has “some sort of video or voice issue” before sending the victim a link to update Zoom. Their device is then infected with malware, he said.
Binance has trained its employees to report any phishing attempts made against them. Due to the frequency of these reports, Su is confident that DPRK attackers are messaging Binance employees on LinkedIn every day.
North Korean hackers stole $1.34 billion across 47 crypto-related incidents last year, a Chainalysis report revealed. DPRK attacks have continued since, with Wiz’s Strategic Threat Intelligence Director estimating that $1.6 billion of crypto has been stolen through fake IT job offers this year.
“The Lazarus group has always been a problem,” Su told Decryption. “However, over the last two years, they have switched focus and switched more resources to crypto.”