克雷肯（Kraken）抓住了一個試圖通過工作面試滲透該公司的朝鮮特工

當受訪者使用與簡歷上列出的名字不同的名字時，克雷肯（Kraken）注意到出了問題。

A North Korean crypto agent was caught by crypto exchange Kraken during a job interview, according to a blog post by the exchange.

根據交易所的博客文章，一名朝鮮加密貨幣特工在工作面試中被加密貨幣交易所Kraken抓住。

The interviewee slipped up on the first call by giving a different name than the one listed on his resume, and he displayed signs of having someone coach him during the interview.

受訪者在第一個電話中打了一個與簡歷上列出的名字不同的名字，他在採訪中表現出了有人指導他的跡象。

However, the interviewer noticed something was wrong. Thanks to a partner company giving the exchange a heads-up, the exchange was aware of North Korean operatives targeting crypto exchanges. For example, other crypto companies were aware of the email being used because it was flagged as being associated with disreputable activities.

但是，面試官注意到出了點問題。多虧了一家合作夥伴公司提出交易所，交易所意識到了針對加密交易所的朝鮮特工。例如，其他加密公司知道使用的電子郵件是因為它被標記為與不可授權的活動相關聯。

The exchange performed open intelligence analysis on the information they provided, including the email address, and discovered that it had been used multiple times by other employees hired at crypto companies. Many signs were pointing to an organized campaign.

交易所對他們提供的信息（包括電子郵件地址）進行了公開的情報分析，並發現該信息已被加密貨幣公司僱用的其他員工多次使用。許多跡像都指出了有組織的運動。

The applicant routed his internet traffic through a stand-alone Macintosh workstation to try to disguise his location. Open-source intelligence linked the applicant’s email to a known data breach.

申請人通過獨立的Macintosh工作站將互聯網流量置於互聯網流量，以試圖掩蓋他的位置。開源情報將申請人的電子郵件與已知的數據洩露聯繫起來。

Even the applicant’s identity could be traced to a possible identity theft. Needless to say, the applicant was brazen in his attempts to infiltrate Kraken.

甚至申請人的身份也可以追溯到可能的身份盜用。不用說，申請人試圖滲入Kraken時是艱難的。

Crypto companies like Kraken often employ remote workers to maintain their exchanges. Although the process can be incredibly convenient for workers and managers, there are also a few security holes.

像Kraken這樣的加密公司經常僱用遠程工人來維持其交流。儘管對於工人和經理來說，該過程可能非常方便，但也有一些安全漏洞。

Kraken has learned a valuable lesson during this experience, strengthening its resolve to verify new employees rather than trust them at face value. The North Korean operatives could have easily infiltrated the company and used their position to inject malware into the company’s software or even steal valuable information.

克雷肯（Kraken）在這一經驗中學到了一個寶貴的教訓，加強了其驗證新員工的決心，而不是以表面價值來信任他們。朝鮮特工很容易滲透到公司，並利用其位置將惡意軟件注入公司的軟件，甚至竊取有價值的信息。

The infiltration attempt was relatively sophisticated, so, surprisingly, the applicant made such an obvious mistake, using a different name from the one listed on his resume.

滲透嘗試相對複雜，因此，出乎意料的是，申請人使用與簡歷上列出的名稱不同的名稱犯了一個明顯的錯誤。

State-sponsored hackers, notably from North Korea, have surprised the world with multiple attacks. They will probably continue their attempts to breach crypto networks for some time.

由國家贊助的黑客，尤其是來自朝鮮的黑客，通過多次攻擊使世界驚訝。他們可能會繼續嘗試違反加密網絡一段時間。

North Korean hackers have tried many exploits, including malware, phishing attacks, and now a social engineering attempt. There is a new trend of North Korean hackers infiltrating systems to perform exploits from within the system.

朝鮮黑客嘗試了許多漏洞，包括惡意軟件，網絡釣魚攻擊以及現在的社會工程嘗試。朝鮮黑客滲透系統有一種新的趨勢，可以從系統內部執行漏洞。

From recent events, one such example of this trend includes the North Korean Lazarus Group creating shell companies in America to exploit job applicants. Usually, the goal is to steal cryptocurrencies because they are easy to conceal and transfer across borders, even to North Korea.

從最近的事件開始，這種趨勢的一個例子包括朝鮮拉撒路集團在美國創建殼牌公司來利用求職者。通常，目標是竊取加密貨幣，因為它們易於掩蓋和轉移到邊界，甚至到朝鮮。

Social Engineering attacks may continue to become a mainstay with the crypto industry, compelling many crypto investors to be extra vigilant when communicating online.

社會工程攻擊可能會繼續成為加密貨幣行業的中流tay柱，迫使許多加密投資者在網上交流時要保持警惕。