North Korea reportedly offered a fake career job interview to an employee of a cryptocurrency company with the promise of a high salary while attempting to hack the employee’s personal computer by spreading malware during the interview. North Korea’s hacking methods are becoming bolder and more sophisticated as it funds much of its nuclear and missile development with cryptocurrency stolen through cybercrime. As the U.S. and South Korea have stepped up joint efforts to address North Korea’s cyber threats, concerns are growing about the damage hacking could do to South Korean companies.
On its website, Estonian cryptocurrency exchange CoinsPaid announced on Monday the results of an investigation into the theft of $37.3 million in cryptocurrency by North Korean hackers on July 22.
According to the announcement, in June and July, employees of the company received a job offer from a company through LinkedIn, a social media channel for employment and recruitment, that promised a high salary of $16,000 to $24,000 per month. Unaware that the job was fake, an employee accepted the offer and was asked to install a specific application (app) during the video interview. The app contained malware and the hackers obtained the employee’s personal information that allowed access to the company’s internal network and stole cryptocurrency.
Hackers had previously carried out more than a dozen spearphishing attempts since March to attack vulnerabilities in the company’s systems, but were unsuccessful. This time, the hackers changed their tactics using social media. “The system is designed in a way that makes it impossible to hack without gaining access to employees’ computers,” CoinsPaid said. “The hackers spent six months learning details about the organization’s structure and team members before launching the attack.
The company also called the hack “the same hacking pattern as Lazarus.” Lazarus, founded in 2007 under North Korea’s General Intelligence Bureau, is known for high-profile hacks against Sony Pictures in 2014 and Bangladesh’s central bank in 2016. In February, the South Korean government designated Lazarus as a target of its cyber sanctions against North Korea.
Kyu-Jin Shin newjin@donga.com