North Korea now targeting applicants to major US AI and crypto firms, and there’s a twist
North Korean agents have created a fake job-application platform picking out applicants to major US AI and crypto firms, researchers said in a new report. Pyongyang has been at it for years, of course, but this time, there’s a catch.
According to security firm Validin, which discovered the new scheme, North Korean tech workers are now working to gain long-term access to the computers of applicants before they join a company, rather than simply impersonating employees of those firms.
In other words, the operation, called “Contagious Interview” by Validin, now focuses on compromising real job-seeking individuals and stealing the know-how for the Kim Jong Un regime. And it’s done with the help of a fake jobs platform.
“Going after job seekers gives North Korean actors a huge advantage. Instead of trying to slip past an employer’s defenses, they take over the entire hiring process and make it feel completely legitimate to individuals,” Validin’s CEO Kenneth Kinion told CNN.
This way, applicants assume they’re just doing a normal coding test or following steps for a promising job opportunity. And if they believe everything’s legit, they’re much more likely to click on and open any files the supposed interviewer sends them.
More specifically, candidates are lured into fake job opportunities, guided to record video responses, and prompted to “fix” their webcams using a helper tool. This seemingly innocuous step delivers malware directly to the target’s system.
The fake platform – hosted at lenvny[.]com – mimics the style of Lever, a well-known headhunting platform boasting tens of thousands of customers.
Validin describes the illicit job platform as a “campaign designed to socially engineer and compromise people seeking jobs in a variety of roles, including software developers, AI researchers, cryptocurrency professionals, and other technical and non-technical job seekers while mimicking leading brands in these areas.”
Among the fictional jobs advertised on the North Korean-built platform are a “product manager” related to Claude, an AI chatbot developed by Anthropic.
According to Validin, identifying confirmed victims of the scheme is quite challenging because many candidates don’t want their current employer to discover they’re applying for positions elsewhere and are therefore less likely to report anything suspicious.
For years, North Korean actors have used fake identities and sometimes passed interview screenings to infiltrate US companies, especially in the IT sector. They then send the money back to Pyongyang to support the regime’s rogue weapons program.
The conversation on this topic is live. Join in the discussion.
Just last week, the US Department of Justice announced that five people had pleaded guilty to helping North Korean actors obtain remote IT employment with US companies to commit fraud.
The scheme impacted over 136 companies, generated more than $2.2 million in revenue for the Kim Jong Un regime, and compromised the identities of more than 18 Americans. Dozens of similar operations have been discovered.
Unlock more exclusive Cybernews content on YouTube:
