North Korea has built a shadow workforce of thousands of IT workers, according to US officials.
This ghost workforce is tied to North Korea’s cybercrime operations and is being used to carry out massive crypto hacks, The Wall Street Journal reported June 11.
For example, these shadow workers targeted a Sky Mavis engineer last year, posing as a recruiter on LinkedIn. After a phone conversation, the shadow worker handed him a document to review as part of the recruitment process. The document contained malicious code that allowed North Korean hackers to break into Sky Mavis and steal over $600 million in the Ronin Bridge hack.
These workers, spread across countries like Russia and China, earn up to $300,000 a year doing mundane tech work. According to the report, they have previously impersonated Canadian computer scientists, government officials and independent Japanese blockchain developers. They also pose as potential recruiters or employees and conduct video interviews.
To infiltrate crypto firms, North Korean hackers hire Western “front people”, the report notes. These people, or actors, attend interviews to get hired by crypto companies, which have no idea of their ties to hackers. Once hired, they make small changes to products to make them vulnerable, and hackers take over.
With the help of these ghost workers, North Korean hackers have stolen more than $3 billion over the past five years, according to Chainalysis.
Increasingly sophisticated
According to the WSJ report, North Korean hackers have demonstrated a technical sophistication in their hacks that impressed US officials and researchers. They pulled off elaborate maneuvers that had never been seen before, the report said.
For example, North Korean hackers last year carried out what some researchers have called the first supply chain cascade attack.
They first attacked Trading Technologies, which develops online trading software. A 3CX employee, a Trading Technologies customer, downloaded a corrupted version of the Trading Technologies software. Then the hackers corrupted the 3CX software and used it to hack into 3CX customers, including cryptocurrency exchanges.