Shaulov said the group was targeting engineers based on their LinkedIn profiles, looking for people with "privileged access."
When candidates ran a routine installation, malware was actually installed, which could expose wallets, keys, and production systems.
"What they're basically doing is that they are weaponizing a legit interview ... to create a very legit and authentic interaction with candidates," Michael Shaulov , the CEO of Fireblocks, told CNBC.
According to the firm, the hackers were able to closely resemble a legitimate Fireblocks hiring process and impersonate recruiters, conduct Google Meet interviews and share take-home assignments via GitHub .
Fireblocks said hackers used fake job interviews to compromise developers and gain access to crypto infrastructure.
Digital asset infrastructure company Fireblocks said it has disrupted a North Korea -linked job recruitment impersonation scam that was targeting digital assets.
He said that the firm identified almost a dozen fake profiles that were continuously changing their company brands, and that they believe this scam has been active for the past few years.
"We were able to basically interact with the hackers and basically collect what we call 'indication of compromise,' but essentially kind of like the fingerprints of the tools and the weaponry and the malware that they were using in that campaign," Shaulov said.
Fireblocks worked with LinkedIn and law enforcement to get the profiles taken down, he added.
... continue reading