North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals
As the crypto industry continues to grow massively in adoption, North Korean operatives have escalated their infiltration tactics into the sector by exploiting job postings, a recent investigation by DL News has revealed. Shaun Potts, founder of crypto-specific recruiting firm Plexus, noted: It’s an operational hazard for the industry. It’s an ongoing thing, in the […]
As the crypto industry continues to grow massively in adoption, North Korean operatives have escalated their infiltration tactics into the sector by exploiting job postings, a recent investigation by DL News has revealed.
Shaun Potts, founder of crypto-specific recruiting firm Plexus, noted:
It’s an operational hazard for the industry. It’s an ongoing thing, in the same way that hacking is a thing within tech. You can’t stop it, but you can minimise its risks.
A Closer Look At The Method
Cybersecurity experts said North Korean hackers use social engineering to target cryptocurrency companies. Security expert Taylor Monahan explained how these ‘nefarious’ hackers trick employees into “unwittingly” allowing them access to the company’s private data.
According to Monahan, the attackers usually approach potential victims on social networks or specialized messaging apps, offering fake jobs or impairments to technical support requests.
After that communication is established, they convince employees to download files filled with malicious software in the name of a “skills test” or resolve a software bug, leading to catastrophic data breaches.
For example, one long-time fave method: – Contact employee via social/messaging app – Direct them to a Github for a job offer, “skills test,” or to help with a bug – Rekt individual’s device – Gain entry to company’s AWS – Rekt company (and their users)https://t.co/nVZ9tVJgKH pic.twitter.com/NJPSJEH1kF
— Tay
Tags:
What's Your Reaction?