Fireblocks said it has disrupted a North Korea-linked job recruitment impersonation scam that was using LinkedIn. The hackers impersonated the digital asset infrastructure company’s hiring process. CEO Michael Shaulov warned that the hackers were targeting people from LinkedIn profiles, looking for engineers with privileged access.
What they’re basically doing is that they are weaponizing a legit interview to create a very legit and authentic interaction with candidates, Shaulov said. When candidates ran a routine installation, malware was actually installed, which could expose wallets, keys and production systems. Shaulov said the group was targeting engineers based on their LinkedIn profiles, looking for people with “privileged access.”
Fireblocks said hackers used fake job interviews to compromise developers and gain access to crypto infrastructure. The firm identified almost a dozen fake profiles that were continuously changing their company brands, and they believe this scam has been active for the past few years. “We were able to basically interact with the hackers and basically collect what we call ‘indication of compromise,’ but essentially kind of like the fingerprints of the tools and the malware that they were using in that campaign,” Shaulov said. Fireblocks worked with LinkedIn and law enforcement to get the profiles taken down.
“Over 99% of the fake accounts we remove are detected proactively before anyone reports them,” a LinkedIn spokesperson said in a statement. The social media platform targeted to professionals said it is constantly investing in technology to detect “harmful behavior” and has guardrail procedures in place, like in-message warnings when chats move off of LinkedIn and verification badges for recruiters. Last year, Bybit experienced the largest crypto heist in history when hackers stole $1.5 billion in digital assets from the cryptocurrency exchange.
Leave a Reply