North Korean hackers target crypto devs with fake recruitment tests
North Korean hackers linked to the $1.4 billion hack are targeting crypto developers using fake recruitment tests infected with malware.
Cybersecurity outlet The Hacker News reported that crypto developers have received coding assignments from malicious actors posing as recruiters. The coding challenges have reportedly been used to deliver malware to unsuspecting developers.
The malicious actors approach crypto developers on LinkedIn and tell them about fraudulent career opportunities. Once they have convinced the developer, the hackers send a malicious document containing the details of a coding challenge on GitHub. If opened, the file installs stealer malware capable of compromising the victim's system.
The scam is reportedly run by a North Korean hacking group known as Slow Pisces, also called Jade Sleet, Pukchong, TraderTraitor and UNC4899.
Cybersecurity professionals warn of fraudulent job offers
Hakan Unal, senior security operations center lead at security firm Cyvers, said the hackers often want to steal developer credentials and access codes. He said that these actors often look for cloud configurations, SSH keys, iCloud keys, system and application metadata, and wallet access.
Luis Lubeck, service project manager at security firm Hacken, told Cointelegraph that these hackers also try to access API keys or production infrastructure.
Lubeck said the main platform used by these malicious actors is LinkedIn. However, the Hacken team has also observed hackers using freelance marketplaces such as Upwork and Fiverr.
“Threat actors pose as clients or hiring managers offering well-paid contracts or tests, especially in the DeFi or security space, which seems credible to developers,” added Lubeck.
Hayato Shigekawa, principal solutions architect at Chainalysis, told Cointelegraph that the hackers often create “credible” employee profiles on professional networking websites and pair them with résumés that reflect their fake positions.
They make all this effort to ultimately gain access to the Web3 company that employs the targeted developer. “After accessing the company, hackers identify vulnerabilities, which can ultimately lead to exploits,” added Shigekawa.
Beware of unsolicited developer gigs
Hacken's onchain security researcher, Yehor Rudytsia, noted that attackers are becoming more and more creative, imitating bad traders to launder funds and using psychological and technical attacks to exploit security gaps.
“This makes the education of developers and operational hygiene as important as code audits or smart contract protections,” Rudytsia told Cointelegraph.
Unal told Cointelegraph that some of the best practices developers can adopt to avoid falling victim to these attacks include using virtual machines and sandboxes for testing, verifying job offers independently, and not running code from strangers.
The security professional added that crypto developers should avoid installing unverified packages and should use good endpoint protection.
Meanwhile, Lubeck recommended contacting official channels to verify recruiters' identities. He also recommended not storing secrets in plain text format.
“Be very cautious with ‘too-good-to-be-true’ gigs, in particular unsolicited ones,” added Lubeck.
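As an added example (not from the article or the people quoted in it), the Python sketch below audits a directory for the kind of material the article says these stealers look for and that should not sit on disk in plain text: private keys without a passphrase and plaintext credential files. The function names and the `PLAINTEXT_NAMES` list are assumptions made for illustration, and the sample key is constructed and non-functional.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"
# Illustrative list (an assumption): file names that commonly hold plaintext tokens.
PLAINTEXT_NAMES = {".env", "credentials", ".npmrc", ".pypirc", ".netrc"}

def private_key_is_encrypted(text):
    """True/False for a PEM-style private key; None if text is not one."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if "ENCRYPTED PRIVATE KEY" in lines[0]:        # PKCS#8, passphrase-protected
        return True
    if "OPENSSH PRIVATE KEY" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"                   # "none" means no passphrase
    # Legacy PEM (RSA/EC/DSA) marks encryption in a header line after BEGIN.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3])

def audit(root):
    """List (relative path, reason) for files a stealer could read as-is."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.stat().st_size > 64 * 1024:
            continue
        rel = path.relative_to(root).as_posix()
        if private_key_is_encrypted(path.read_text(errors="ignore")) is False:
            findings.append((rel, "unencrypted private key"))
        elif path.name in PLAINTEXT_NAMES:
            findings.append((rel, "plaintext credential file"))
    return findings

def sample_openssh_key(cipher):
    """Constructed, non-functional key: only the header fields the check reads."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 16
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for rel, reason in audit(Path.home() / ".ssh"):
        print(f"{reason}: {rel}")
```

Findings are candidates for a passphrase, a secrets manager or removal from the workstation; the check reads only file headers and names, so it does not judge how strong a passphrase is.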