Posing as an engineering candidate, a North Korean hacker tried to infiltrate the development team at the cryptocurrency exchange Kraken.
Kraken’s team reported that the candidate looked suspicious from the start. The applicant joined the online interview under a different name from the one listed on his resume, then quickly changed it. His “periodic intonation changed” during the interview, as if someone were giving him directions in real time.
Industry partners had warned Kraken that spy-like individuals might turn up among job applicants and shared a list of email addresses linked to North Korean hackers. One Kraken applicant had used an email address from that list.
Specialists at the exchange launched an investigation, which revealed that the hacker had created a fake identity and used aliases to try to get hired by companies in the crypto industry and in other fields. In some cases the attacker succeeded in obtaining the position he wanted.
On closer inspection, the experts found that the hacker had tried to conceal his location by forging documents with other people’s personal information.
To understand the candidate’s identity and tactics, they conducted several interviews with him and checked his background. The hacker had to present his ID in order to meet the team online. He was also asked to recommend places in the city he claimed to live in. The applicant was taken aback by these routine checks and was unable to give convincing answers.
“Don’t trust, verify. In the digital age, this crypto-principle is even more important. State-sponsored cyber attacks don’t affect just crypto or U.S. corporations – it’s a worldwide threat. Anyone or any business that handles value can be a victim, and resilience begins with operationally planning to resist these attacks,” Nick Percoco commented about the incident.
As cyber-threats evolve, Kraken experts noted that maintaining security depends more on a holistic, proactive approach.
“A culture of paranoia that is productive and promotes innovation will be key.”
North Korean hackers created fake companies to scam users
A group affiliated with the North Korean hacking organisation Lazarus has registered three fake companies in order to spread malware, according to a report by Silent Push.
The fake companies, BlockNovas, Angeloper Agency and SoftGlide, were used to trick users into believing they were talking with real people.
Zach Edwards, senior analyst at Silent Push, said that the two fictional companies were registered in the United States.
Silent Push says the hackers use AI-generated images to create fake employee profiles, and also use photos of real people to boost their credibility.
According to the analysts, the attackers find their victims by posting fake job advertisements on GitHub and freelancing sites.
During the interview, the potential victim is confronted with a recording error, and a simple copy-and-paste trick then leads to a malware download.
Silent Push has identified three types of “infectious software”: BeaverTail, InvisibleFerret and OtterCookie. The programs are designed to steal data such as cryptocurrency wallet keys.
Edwards claims that the hacking has been ongoing since the FBI liquidated BlockNovas in 2024. The expert pointed out that some of the victims are public figures.
Hackers steal $100,000 from Emblem Vault CEO through Zoom
Jake Gallen, head of the NFT platform Emblem Vault, says he lost over $100,000 in an attack carried out over Zoom.
He said the incident happened during a video call with a member of the crypto community who claimed to own an online mining platform.
Gallen said the scammers had installed GOOPDATE on his computer. The compromise of several cryptocurrency wallets led to the loss of Bitcoin and Ethereum.
Gallen worked with the Security Alliance (SEAL) to analyse the attack and concluded that the culprit was ELUSIVE COMET, a social engineering group that installs malware to steal cryptocurrency.
Gallen claims that he was in a Zoom call with a crypto enthusiast with 26,000. During the video call, the attacker used remote access to install the software.
SEAL experts tested Zoom and found that its default settings allow a participant to remotely access another user’s computer.
Cointelegraph reported that, according to the researcher known as samczsun, the attack only succeeds if the attacker convinces the victim to manually grant that access.
The hackers later took over Gallen’s X account and used it to send private messages in search of new victims. They also gained access to his Ledger hardware wallet, even though Gallen had used it multiple times over the past three years.
SEAL has linked the ELUSIVE COMET group to Aureon Capital, a company it says is responsible for millions of dollars in stolen funds and poses a serious risk to its users because of its “extended backstory.”