One of those schemes was uncovered by the US back in May, and a recent investigation by cybersecurity firm Mandiant Inc confirmed it. Basically, North Korean IT workers living abroad were stealing resumes from LinkedIn to get jobs in the crypto realm. Nearly identical language was found on multiple accounts, and the idea was that once inside these crypto companies, these IT workers could access trends and information that would allow the North Korean government to launder crypto better.
Some of these things were broad trends, such as the price of certain currencies or things like NFTs. But others were things like security vulnerabilities that the North Korean government would be able to take advantage of. All of them would be loopholes around international sanctions on the country and would effectively fund a government that the world is working hard to make sure isn’t funded. The North Korean government has denied any involvement in cyber theft.
“It comes down to insider threats,” said Joe Dobson, a principal analyst at Mandiant. “If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”
“These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime,” said Michael Barnhart, a principal analyst at Mandiant.