North Korean Hackers Using Fake LinkedIn Job Offers

Written by: Kiara Fabbri, Multimedia Journalist

Fact-checked by: Justyn Newman, Lead Cybersecurity Editor

North Korean threat actors have been using LinkedIn to target developers through fake job recruiting schemes, as reported today by Hacker News. According to a report by Google-owned Mandiant, the attackers use coding tests as the initial infection vector.

North Korean recruiting-themed schemes have been widely used to deliver malware, including fake video conferencing apps, targeting job seekers on platforms such as LinkedIn and Upwork. After making initial contact, hackers guide victims to download malicious software via messaging apps like Telegram.

Mandiant’s researchers explained that recent crypto exchange heists are connected to a broader pattern of social engineering. In these schemes, developers are contacted under the pretense of job offers.

The researchers describe an engineer who was sent a ZIP file containing malware disguised as a Python coding challenge, which compromised the user’s macOS system with secondary malware. This malware persisted through macOS launch agents, further endangering the user’s system.

These tactics aren’t limited to developers. Finance professionals have also been targeted. In another incident, Mandiant observed a malicious PDF sent as part of a fake job offer for a senior position at a cryptocurrency exchange.

The PDF installed RUSTBUCKET, a backdoor malware that collects system data and runs files. It stayed active by posing as a “Safari Update” and connected to a command-and-control server.
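As an added example (not from Mandiant, the FBI, or this article's authors), the following Python audits macOS LaunchAgent plists for the two persistence traits described above: launch-agent persistence and a job posing as Apple software such as a “Safari Update”. The path prefixes, name fragments, function names, and sample plists are assumptions constructed for illustration, not indicators from the report.

```python
import plistlib
import posixpath
from pathlib import Path

# Assumption: prefixes where Apple-shipped binaries normally live.
TRUSTED = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/bin/", "/sbin/")
# Assumption: name fragments that imitate Apple software.
LOOKALIKES = ("apple", "safari", "icloud")
# Assumption: locations any local user can write to.
SHARED_WRITABLE = ("/tmp/", "/private/tmp/", "/Users/Shared/")

def audit_launch_agent(plist_bytes):
    """Return findings for one LaunchAgent plist; an empty list means nothing was flagged."""
    job = plistlib.loads(plist_bytes)  # handles XML and binary plists
    args = job.get("ProgramArguments") or [""]
    # normpath collapses "..", so "/System/../tmp/x" is not treated as a system path
    prog = posixpath.normpath(str(job.get("Program") or args[0]))
    names = (str(job.get("Label", "")) + " " + posixpath.basename(prog)).lower()
    findings = []
    if any(w in names for w in LOOKALIKES) and not prog.startswith(TRUSTED):
        findings.append("apple-lookalike name outside system paths")
    hidden = any(len(part) > 1 and part.startswith(".") for part in prog.split("/"))
    if hidden or prog.startswith(SHARED_WRITABLE):
        findings.append("executable in hidden or shared-writable location")
    return findings

def scan(directory):
    """Audit every plist in a LaunchAgents directory; returns {filename: findings}."""
    report = {}
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        try:
            found = audit_launch_agent(path.read_bytes())
        except Exception as exc:  # an unreadable or malformed plist is itself worth a look
            found = [f"unparseable plist: {exc.__class__.__name__}"]
        if found:
            report[path.name] = found
    return report

# Constructed samples (not indicators from the Mandiant report).
SAMPLE_SUSPICIOUS = plistlib.dumps({
    "Label": "com.apple.safariupdate",
    "ProgramArguments": ["/Users/dev/Library/Application Support/.cache/Safari Update"],
    "RunAtLoad": True,
})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.editor.helper",
    "Program": "/Applications/Editor.app/Contents/MacOS/helper",
})
```

On a Mac, `scan("~/Library/LaunchAgents")` and `scan("/Library/LaunchAgents")` cover the per-user and machine-wide agent directories; findings are leads for review, not verdicts.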

According to the FBI, these types of cyberattacks are carefully planned. Hackers use personal information and build rapport with victims to make their schemes more convincing. Once contact is established, attackers may spend significant time engaging with their targets to foster trust.

To mitigate these risks, the FBI suggests verifying contact identities through different platforms, avoiding storing cryptocurrency wallet information on internet-connected devices, and using virtual machines for any pre-employment tests. They also recommend blocking unauthorized downloads and limiting access to sensitive information.

If you suspect your company has been targeted, the FBI advises disconnecting the affected devices from the internet and filing a detailed complaint with the FBI’s Internet Crime Complaint Center.
