North Korean hackers used shadow IT workers to carry out crypto heists

North Korea is building a shadow workforce of thousands of IT workers, according to US officials.

This shadow workforce is linked to North Korea's cybercriminal activities and is being used to carry out large-scale cryptocurrency hacks, The Wall Street Journal reported on June 11th.

For example, these shadow workers last year targeted Sky Mavis engineers under the guise of LinkedIn recruiters. After a phone conversation, the shadow worker handed the target documents to review as part of the hiring process. The document contained malicious code that allowed North Korean hackers to break into Sky Mavis and steal more than $600 million in the Ronin bridge hack.

These workers are scattered across countries like Russia and China, earning as much as $300,000 a year in mundane tech jobs. So far, they have posed as Canadian IT officials, government officials, and freelance Japanese blockchain developers, according to the report. They also conduct video interviews while impersonating recruiters or employees.

North Korean hackers are hiring Western "frontmen" to infiltrate cryptocurrency companies, the report notes. These frontmen, or actors, interview for jobs at cryptocurrency companies that have no idea of their ties to hackers. Once hired, they make small changes to products that leave them more vulnerable to takeover by hackers.

With the help of these shadow workers, North Korean hackers have stolen more than $3 billion over the past five years, according to Chainalysis.

Increasingly sophisticated

The WSJ reports that North Korean hackers have demonstrated sophistication in hacking that has impressed U.S. officials and researchers. They carried out a sophisticated operation that had never been observed before, the report said.

For example, North Korean hackers last year carried out what some researchers called “the first chain attack of its kind.”

They first attacked Trading Technologies, which develops online trading software. A 3CX employee, a Trading Technologies customer, downloaded a corrupted version of Trading Technologies software. The hackers then corrupted 3CX's software and used it to hack 3CX customers, including cryptocurrency exchanges.