- Kraken exposed a North Korean hacker posing as a software engineer, uncovering discrepancies like fake identities, voice changes during interviews, and suspicious technical setups.
- The exchange allowed the candidate to advance in interviews to gather intel on Lazarus Group’s hiring infiltration tactics.
- Lazarus Group has stolen $650M+ from crypto firms and is now shifting focus to European targets after U.S. scrutiny following the ByBit hack.
Leading cryptocurrency exchange Kraken has announced that it recently discovered an attempt to infiltrate its platform. The official statement revealed that a North Korean hacker claimed to be a software engineer and applied for a job with the exchange.
Initially, the hiring process appeared normal, but various technical issues and irregular behaviors led to various suspicions. First, the name the intended employee used on their resume was different from they used to join the interview call.
Also, there were occasions during the interview call when the voices were changing. This suggested that the someone else was coaching them through the interview call.
Kraken further revealed that the individual method of accessing the system included a mix of mac desktops and virtual private servers (VPS), a common setup for hiding one’s physical location. Based on these suspicious behaviors, Kraken’s hiring team cross-checked the applicant’s details.
The check made them discover that the applicant’s email address was the same as one industry partners had previously identified as belonging to the North Korean hacker group (Lazarus). Using a combination of breach data, email patterns, and other open-source intelligence techniques, the Kraken red team made an in-depth probe.
Kraken Reveals Broader Plot Targeting Crypto Firms
The team discovered that the candidate was one of many fake identities on the web and had even gained employment at some other cryptocurrency firms. Despite the discovery, Kraken allowed the candidate to move to the next interview rounds.
Their aim was to gather more information on the tactics this group used in applying for jobs at crypto companies. Kraken’s chief security officer, Nick Percoco, led the final interview. Percoco asked simple questions for the candidate to verify their identity.
Such questions included knowledge about their local environment. They were also asked to provide a proper identity verification live on the interview.
However, the applicant’s responses weren’t convincing at all, which made the team confirm its previous suspicions that the application was an attempt to infiltrate the company. Data shows that the North Korean hacker group stole more than $650 million from crypto companies last year alone.
Lately, there have been reports that the group is now targeting Europe-based crypto companies since their methods have now been cast in the U.S. following the ByBit hack.
Related Reading |
