North Korean fraudsters suspected of copying people’s LinkedIn and Indeed profiles in a bid to land jobs at U.S. crypto firms

Boonchai Wedmakawand—Getty Images

North Korean hackers are raiding job sites like LinkedIn and Indeed and stealing tidbits of information from real profiles to build plagiarized resumes and land jobs at U.S. cryptocurrency firms, according to security analysts.

Security researchers at Mandiant Inc. told Bloomberg that fraudsters were attempting to secure employment at these companies as part of a bigger drive to raise funds for North Korean leader Kim Jong Un's regime.

Mandiant’s experts said that by harnessing information from crypto firms, North Korea’s government could collate information about future cryptocurrency trends.

This information was intended to help Pyongyang launder cryptocurrencies in a way that would allow the government to evade Western sanctions.


Fraudulent claims being made by North Koreans posing as crypto and IT experts included one person who said they had previously published a white paper on digital currency exchange, while another individual claimed to have worked as a senior software developer with a focus on blockchain technology.

Mandiant said it had identified various individuals suspected of working for North Korea who had successfully been employed as freelance workers.

“These are North Koreans trying to get hired and get to a place where they can funnel money back to the regime,” Michael Barnhart, a principal analyst at Mandiant told Bloomberg.

Funding weapons of mass destruction

Suspected North Korean hackers known as the Lazarus Group are thought to be behind high-profile multimillion-dollar cryptocurrency heists that have targeted U.S. firms this year.

Last week, the U.S. State Department said it would pay a reward of up to $10 million for information about individuals associated with malicious cyber groups linked to North Korea, such as the Lazarus Group, Bluenoroff, and Andariel—doubling the amount it initially offered in March.

North Korea has denied involvement in cryptocurrency hacks and digital theft.

Earlier this year, the U.S. government issued a warning that North Korean nationals were posing as citizens of other countries and attempting to secure work in international IT sectors.

“[North Korea] dispatches thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction and ballistic missile programs, in violation of U.S. and U.N. sanctions,” the advisory said.

North Korean IT workers could earn hundreds of thousands of dollars in some cases, officials said, and sent “a significant percentage of their gross earnings” back to Kim Jong Un’s regime in Pyongyang.

The majority of the workers referenced in the U.S. advisory are located in China and Russia, with some in Africa and Southeast Asia, according to American intelligence.

This story was originally featured on