Kraken details how it spotted North Korean hacker in job interview
Kraken reported an attempted infiltration by a North Korean hacker posing as a job applicant for an engineering role. The applicant exhibited suspicious behavior, including using a different name and switching voices during the interview. Kraken advanced the candidate through the hiring process to gather intelligence on their tactics. Alerts from industry partners indicated North Korean actors were targeting crypto companies. The hacker's email matched one linked to a known group, revealing a network of fake identities used to apply at multiple firms. Technical inconsistencies included the use of VPNs and altered identification documents. The applicant's resume was associated with a GitHub profile linked to a past data breach. Final interviews included identity verification tests that the candidate failed, confirming the deception. Kraken emphasized the importance of verifying identities in the face of state-sponsored cyber threats. North Korea's Lazarus Group has been involved in significant crypto hacks, including a $1.4 billion theft from Bybit.
