Crypto exchange Kraken has explained how it identified a potential North Korean threat actor pretending to be a job applicant. The hacker attempted to infiltrate the ranks of the US tech firm by applying for a job position, the exchange detailed . The impersonated applicant applied for an engineering role at Kraken, raising multiple red flags during different stages of interview. “From the outset, something felt off about this candidate,” Kraken wrote in a blog on Thursday. “Even more suspicious, the candidate occasionally switched between voices, indicating that they were being coached through the interview in real time.” However, the exchange said that it put the candidate through their interview paces in order to “learn more about their tactics at every stage of the process.” The Truth Was Clear, This Was Not a Legitimate Applicant: Kraken Before the interview, Kraken said that industry partners had tipped them off that North Korean hackers were actively applying for jobs at crypto companies. Per the investigations, the candidate initially joined a video call using a different name from the one on his resume. Further, Kraken identified that the hacker’s email address matched one of the addresses linked to the North Korean hacker group . “We discovered that one of the emails associated with the malicious candidate was part of a larger network of fake identities and aliases.” Besides, among the candidate’s multiple identities, one in this network was also a “known foreign agent on the sanctions list.” Suspect Was Put Through Multiple Technical Infosec Tests The exchange carefully advanced the candidate through the hiring rounds instead of turning him down. Kraken’s security and recruitment teams put the hacker through multiple rounds of technical infosec tests and verification tasks. These tests were “designed to extract key details about their identity and tactics,” the team wrote. During the final round of interview, traps were set when the hacker was asked to verify his location and recommend nice restaurants in the city he claimed to live in. “At this point, the candidate unravelled,” Kraken said, adding that the hacker struggled with the basic verification tests. “Don’t trust, verify,” said Nick Percoco, Kraken’s chief security officer. “State-sponsored attacks aren’t just a crypto, or U.S. corporate, issue – they’re a global threat.” The post Kraken Spots North Korean Job Seeker Attempting to Gain Exchange’s Access appeared first on Cryptonews .
