Kraken的安全團隊挫敗了朝鮮黑客擔任求職者的複雜滲透嘗試

在一個引人注目的網絡安全警惕性的例子中，加密交易所Kraken透露了最近發現併中和朝鮮黑客試圖通過招聘過程滲透該公司。

Crypto exchange Kraken has disclosed a recent encounter with a North Korean hacker who attempted to infiltrate the company during its hiring process.

Crypto Exchange Kraken透露了最近與一名朝鮮黑客的相遇，該黑客試圖在公司招聘過程中滲透。

As recounted in a blog post, the applicant, applying for an engineering role, displayed anomalies like inconsistent names, a voice change mid-interview (implied to be due to live coaching, and an email address that matched intelligence from industry partners about a known hacker network targeting crypto companies.

正如博客文章中所述的那樣，申請人申請工程角色，顯示了諸如不一致的名稱，語音更改中的異常情況（暗示是由於實時教練造成的，以及一個與行業合作夥伴有關的情報匹配的電子郵件地址，涉及一家已知的黑客網絡針對Crypto Companies。

Instead of immediate rejection, Kraken's security team kept the candidate engaged, collecting intelligence as they advanced through the hiring stages. Using OSINT tools and breach data analysis, the team discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the suspect.

克雷肯的安全團隊沒有立即拒絕，而是保持了候選人的參與，在招聘階段進步時收集了情報。使用OSINT工具和漏洞數據分析，團隊發現了一個虛假身份，過去的工作證書，甚至是與嫌疑人相關的受批准的外國特工別名的網絡。

During a final interview with Kraken's CSO, further identity verification like showing ID and answering local trivia was requested, ultimately confirming the applicant as an imposter.

在對Kraken的CSO進行的最後一次採訪中，要求進一步的身份驗證，例如顯示ID和回答本地瑣事，最終確認申請人為冒名頂替者。

Commenting on the event, Nick Percoco, CSO at Kraken, said:

CSO的Nick Percoco在評論該活動時說：

"State-sponsored attacks aren’t just a crypto, or U.S. corporate issue, they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks. We're thankful for our partners at Chainalysis and other industry peers who contribute to the collective defense against bad actors."

“國家贊助的攻擊不僅是加密貨幣，還是美國公司問題，它們是全球威脅。任何個人或企業處理價值都是目標，彈性始於運營準備承受這些類型的攻擊。我們感謝我們在Chainalysiss和其他行業同行中為不利的演員做出貢獻的其他行業同行。”

The full story from Kraken:

Kraken的完整故事：

We recently had an interesting encounter with a North Korean hacker who tried to apply for a job at Kraken. It began with a routine application for an open engineering role. The applicant's email address caught our attention as it matched intelligence we had received from Chainalysis and other industry partners about a known hacker network targeting cryptocurrency companies.

最近，我們與朝鮮黑客遇到了一次有趣的相遇，該黑客試圖在Kraken申請工作。它始於一個例行的開放工程角色的應用程序。申請人的電子郵件地址引起了我們的注意，因為它與我們從Chainalysis和其他行業合作夥伴中獲得的有關瞄準加密貨幣公司的已知黑客網絡收到的情報。

Furthermore, throughout the hiring process, the applicant displayed anomalies that grew increasingly suspicious. Their name varied across different platforms and communications, and during one interview, the applicant's voice changed mid-call, which we later learned was likely due to live coaching from someone else. They also preferred to communicate through cloaked systems like colocated Macs and VPNs.

此外，在整個招聘過程中，申請人表現出越來越可疑的異常。他們的名字在不同的平台和溝通中有所不同，在一次採訪中，申請人的聲音改變了中間電話，我們後來了解到這很可能是由於其他人的實時教練。他們還寧願通過掩蓋的系統（例如CoLocyCole Croped Mac和VPN）進行通信。

Despite these anomalies, we didn't want to reject the candidate out of hand. Instead, our security team decided to keep them engaged and collect more intelligence as we advanced them through our standard hiring procedures. Using OSINT tools and breach data analysis, we discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the applicant.

儘管存在這些異常，但我們不想拒絕候選人。取而代之的是，我們的安全團隊決定通過標準的招聘程序推進他們的智慧，並收集更多的智能。使用OSINT工具和漏洞數據分析，我們發現了一個偽造身份，過去的工作證書，甚至是與申請人相關的受批准的外國代理別名的網絡。

The true scope of the deception unraveled during a final interview with me. As we reached the final stages of the interview process, we realized we needed to take additional steps to verify the applicant's identity. We asked them to show their ID, a request which they refused, and we posed a question of local trivia, which they failed to answer correctly. At this point, we were able to confirm that the applicant was an imposter.

在對我的最後一次採訪中，欺騙的真正範圍揭露了。當我們到達面試過程的最後階段時，我們意識到我們需要採取其他步驟來驗證申請人的身份。我們要求他們顯示他們的ID，他們拒絕的請求，我們提出了當地瑣事的問題，他們無法正確回答。在這一點上，我們能夠確認申請人是冒名頂替者。

We notified the authorities and are working with our partners to mitigate any potential risk. We also want to thank the many people who helped us to identify and report this activity.

我們通知了當局，並正在與我們的合作夥伴合作以減輕任何潛在的風險。我們還要感謝許多幫助我們識別和報告這項活動的人。

This experience highlights a key challenge we're facing in crypto today. As attackers get more sophisticated, they're now walking through the front door, rather than just trying to breach the firewall. With AI now being used to create deep fakes and other forms of deception, we need to create more dynamic, real-time verification methods and foster a culture of security awareness across all departments of our organizations, not just IT.

這種體驗突出了我們今天在加密貨幣中面臨的關鍵挑戰。隨著攻擊者變得越來越複雜，他們現在走過前門，而不僅僅是試圖違反防火牆。現在，由於AI被用來創造深層假貨和其他形式的欺騙，我們需要創建更具動態的，實時的驗證方法，並促進組織各個部門的安全意識文化，而不僅僅是它。

Only by working together can we effectively combat this threat. We urge all companies and individuals in the crypto industry to be vigilant and take the necessary steps to protect themselves from North Korean hackers.

只有一起工作，我們才能有效地應對這一威脅。我們敦促加密行業的所有公司和個人保持警惕，並採取必要的步驟來保護自己免受朝鮮黑客的侵害。

We're also grateful for the work of our partners at Chainalysis and other industry peers who are helping to develop new tools and techniques for detecting and reporting malicious activity. Together, we can make a difference.

我們還感謝合作夥伴在鏈分析和其他行業同行的工作，他們正在幫助開發新的工具和技術來檢測和報告惡意活動。在一起，我們可以有所作為。