As North Korean hackers become more prolific, crypto exchange Kraken shares its know-how that you can use to catch your own impersonator.
The major US-headquartered crypto platform said it managed to identify a North Korean hacker trying to infiltrate the company by applying for a job.
"What started as a routine hiring process for an engineering role quickly turned into an intelligence-gathering operation, as our teams carefully advanced the candidate through our hiring process to learn more about their tactics at every stage of the process," the company said.
The first signs that something was off appeared during the initial call with the "candidate.” They joined under a different name from the one on their résumé, before quickly changing it, and kept switching between voices while likely being coached through the interview in real time. Moreover, the candidate's email matched one of the addresses on a list of North Korea hacker-linked emails.
Also, the "state-sponsored" infiltrator was using remote colocated Mac desktops but interacted with other components through a VPN. Their résumé was linked to a GitHub profile with an email address exposed in a past data breach, and their primary form of ID appeared to be altered.
As Kraken dug deeper, they discovered that one of the emails associated with the candidate was part of a larger network of fake identities and aliases.
"This meant that our team had uncovered a hacking operation where one individual had established multiple identities to apply for roles in the crypto space and beyond," the company said.
However, as Kraken already knew who they were dealing with, they continued the recruitment process to study North Korean tactics before setting up their final trap — a "casual chemistry interview" with Kraken’s Chief Security Officer Nick Percoco and other team members.
Among standard questions, the candidate was asked to verify their location, hold up a government-issued ID, and even recommend some local restaurants in the city they claimed to be in. According to Kraken, the imposter struggled with all of this, only proving they were not a legitimate applicant.
The company stressed that when trying to protect your company from similar infiltration attempts, a holistic, proactive approach is critical. Also, they advised avoiding patterns in the types of verification questions that hiring managers use, as genuine candidates will usually pass real-time, unprompted verification tests.
Your email address will not be published. Required fields are markedmarked