How to identify a North Korean hacker who was trying to get a job at Kraken

Our dedicated security and IT teams successfully defeat a wide range of bad actors every day. We know from years of experience how vast the attack surface of every major company is. And, as we are disclosing today, it can include unexpected areas such as the company’s hiring process.

Our team recently identified a North Korean hacker’s attempt to infiltrate Kraken by applying for a job here.

https://www.youtube.com/watch?v=2VXHLNJKBBI

See CBS News’ full coverage of how we identified a North Korean hacker who tried to get a job at Kraken, and then strategically engaged with them.

It started as a routine hiring process for an engineering role. Our team deliberately advanced the candidate through the hiring process to learn more about their tactics at every stage.

This is an established challenge for the crypto community: North Korean hackers are estimated to have stolen more than $650 million in 2024. We are disclosing these events today as part of our ongoing transparency efforts and to help companies, in crypto and beyond, strengthen their defenses.

Candidate

From the beginning, something felt off about this candidate. During the initial call with our recruiter, they joined under a different name from the one on their resume and quickly changed it. More suspiciously, the candidate occasionally switched between voices, indicating that they were being coached through the interview in real time.

Before this interview, industry partners had tipped us off that North Korean hackers were actively applying for jobs at crypto companies. We received a list of email addresses linked to the hacker group, and one of them matched the email the candidate used to apply to Kraken.
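
The check described above, matching an applicant's email against a partner-shared indicator list, can be automated at application intake. The following is an added example, not code from Kraken or from the original article; the addresses, applicant IDs and function names are constructed placeholders, and stripping a "+tag" suffix is an assumption that holds only for mail providers that support such aliases.

```python
import hashlib

# Constructed sample data: placeholder addresses, not real indicators.
PARTNER_INDICATORS = ["Dev.Alias01@example.com", "remote.engineer@example.org"]
APPLICANTS = [
    {"id": "A-101", "email": " dev.alias01+jobs@EXAMPLE.com"},
    {"id": "A-102", "email": "jane.doe@example.net"},
    {"id": "A-103", "email": "not-an-email"},
]


def normalize_email(addr):
    """Lowercase, trim and drop a '+tag' suffix so trivial variants of one
    mailbox compare equal. Returns None if addr is not local@domain."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]
    if not sep or not local or not domain or "@" in local:
        return None
    return f"{local}@{domain}"


def fingerprint(addr):
    """SHA-256 of the normalized address, so the screening index does not
    need to hold the shared addresses in clear text (a choice of this example)."""
    norm = normalize_email(addr)
    return hashlib.sha256(norm.encode()).hexdigest() if norm else None


def build_index(indicators):
    """Set of fingerprints for every parseable indicator address."""
    return {fp for fp in map(fingerprint, indicators) if fp}


def screen(applicants, index):
    """Return (flagged_ids, unparseable_ids); both go to manual review."""
    flagged, unparseable = [], []
    for applicant in applicants:
        fp = fingerprint(applicant["email"])
        if fp is None:
            unparseable.append(applicant["id"])
        elif fp in index:
            flagged.append(applicant["id"])
    return flagged, unparseable


if __name__ == "__main__":
    print(screen(APPLICANTS, build_index(PARTNER_INDICATORS)))
```

A match is a lead for investigation rather than a verdict; in the case described here it was the starting point for the OSINT work that followed.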

With this information in hand, our Red Team began investigating using OSINT (open-source intelligence gathering) methods. One method involved analyzing breach data, which hackers often use to identify users with weak or reused passwords. In this case, we found that the malicious candidate was part of a larger network of fake identities and aliases.

This meant that our team had uncovered a hacking operation that had set up several identities to apply for roles in the crypto space and beyond. Some of the names had previously been hired by multiple companies, as our team identified work-related email addresses linked to them. One identity in this network was a known foreign agent on the sanctions list.

As our team dug deeper into the candidate’s history and credentials, technical inconsistencies emerged.

  • The candidate used a remote colocated Mac desktop but interacted with other components through a VPN, a setup commonly deployed to hide location and network activity.
  • Their resume was linked to a GitHub profile containing an email address exposed in a past data breach.
  • The candidate’s primary form of ID appeared to have been altered using details stolen in an identity theft case two years earlier.

At this point, the evidence was clear, and our team was confident that this was not just a suspicious job applicant but a state-sponsored infiltration attempt.

Turning the tables: how the team responded

Instead of tipping off the applicant, our security and recruitment teams strategically advanced them through our rigorous hiring process, not to hire them but to study their approach. This meant administering technical infosec tests and verification tasks designed to extract key details about their identity and tactics.

The final-round interview? A casual chemistry interview with Kraken’s Chief Security Officer (CSO) Nick Percoco and other team members. What the candidate did not realize was that this was a trap.

Between standard interview questions, our team slipped in two-factor authentication prompts: asking the candidate to verify their location, hold up their government-issued ID, and recommend some local restaurants in the city they claimed to be in.

At this point, the candidate unraveled. They struggled with the basic verification tests and could not convincingly answer real-time questions about their city of residence or country of citizenship. By the end of the interview, the truth was clear: this was not a legitimate applicant but an impostor trying to infiltrate our systems.

CSO Nick Percoco said of the events:

“Don’t trust, verify. This core crypto principle is more relevant in the digital age. State-sponsored attacks are not just a crypto or U.S. corporate problem; they are a global threat. All individuals and businesses are targets, and resilience starts with preparing operationally to withstand these types of attacks.”

Key takeaways

  • Not all attackers break in; some try to walk through the front door. As cyber threats evolve, security strategies must evolve too. A holistic, proactive approach is critical to protecting an organization.
  • Generative AI is making deception easier, but it is not foolproof. Attackers can trick parts of the hiring process, such as a technical assessment, but genuine candidates will usually pass real-time verification tests. Avoid patterns in the verification questions that hiring managers use.
  • A culture of productive paranoia is key. Security is not just an IT responsibility; in the modern era it is an organizational mindset. By actively engaging this individual, we identified areas where we can strengthen our defenses against future infiltration attempts.

When a suspicious job application comes in, remember that sometimes the biggest threat is disguised as an opportunity.
