Kraken的安全团队挫败了朝鲜黑客担任求职者的复杂渗透尝试

在一个引人注目的网络安全警惕性的例子中，加密交易所Kraken透露了最近发现并中和朝鲜黑客试图通过招聘过程渗透该公司。

Crypto exchange Kraken has disclosed a recent encounter with a North Korean hacker who attempted to infiltrate the company during its hiring process.

Crypto Exchange Kraken透露了最近与一名朝鲜黑客的相遇，该黑客试图在公司招聘过程中渗透。

As recounted in a blog post, the applicant, applying for an engineering role, displayed anomalies like inconsistent names, a voice change mid-interview (implied to be due to live coaching, and an email address that matched intelligence from industry partners about a known hacker network targeting crypto companies.

正如博客文章中所述的那样，申请人申请工程角色，显示了诸如不一致的名称，语音更改中的异常情况（暗示是由于实时教练造成的，以及一个与行业合作伙伴有关的情报匹配的电子邮件地址，涉及一家已知的黑客网络针对Crypto Companies。

Instead of immediate rejection, Kraken's security team kept the candidate engaged, collecting intelligence as they advanced through the hiring stages. Using OSINT tools and breach data analysis, the team discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the suspect.

克雷肯的安全团队没有立即拒绝，而是保持了候选人的参与，在招聘阶段进步时收集了情报。使用OSINT工具和漏洞数据分析，团队发现了一个虚假身份，过去的工作证书，甚至是与嫌疑人相关的受批准的外国特工别名的网络。

During a final interview with Kraken's CSO, further identity verification like showing ID and answering local trivia was requested, ultimately confirming the applicant as an imposter.

在对Kraken的CSO进行的最后一次采访中，要求进一步的身份验证，例如显示ID和回答本地琐事，最终确认申请人为冒名顶替者。

Commenting on the event, Nick Percoco, CSO at Kraken, said:

CSO的Nick Percoco在评论该活动时说：

"State-sponsored attacks aren’t just a crypto, or U.S. corporate issue, they’re a global threat. Any individual or business handling value is a target, and resilience starts with operationally preparing to withstand these types of attacks. We're thankful for our partners at Chainalysis and other industry peers who contribute to the collective defense against bad actors."

“国家赞助的攻击不仅是加密货币，还是美国公司问题，它们是全球威胁。任何个人或企业处理价值都是目标，弹性始于运营准备承受这些类型的攻击。我们感谢我们在Chainalysiss和其他行业同行中为不利的演员做出贡献的其他行业同行。”

The full story from Kraken:

Kraken的完整故事：

We recently had an interesting encounter with a North Korean hacker who tried to apply for a job at Kraken. It began with a routine application for an open engineering role. The applicant's email address caught our attention as it matched intelligence we had received from Chainalysis and other industry partners about a known hacker network targeting cryptocurrency companies.

最近，我们与朝鲜黑客遇到了一次有趣的相遇，该黑客试图在Kraken申请工作。它始于一个例行的开放工程角色的应用程序。申请人的电子邮件地址引起了我们的注意，因为它与我们从Chainalysis和其他行业合作伙伴中获得的有关瞄准加密货币公司的已知黑客网络收到的情报。

Furthermore, throughout the hiring process, the applicant displayed anomalies that grew increasingly suspicious. Their name varied across different platforms and communications, and during one interview, the applicant's voice changed mid-call, which we later learned was likely due to live coaching from someone else. They also preferred to communicate through cloaked systems like colocated Macs and VPNs.

此外，在整个招聘过程中，申请人表现出越来越可疑的异常。他们的名字在不同的平台和沟通中有所不同，在一次采访中，申请人的声音改变了中间电话，我们后来了解到这很可能是由于其他人的实时教练。他们还宁愿通过掩盖的系统（例如CoLocyCole Croped Mac和VPN）进行通信。

Despite these anomalies, we didn't want to reject the candidate out of hand. Instead, our security team decided to keep them engaged and collect more intelligence as we advanced them through our standard hiring procedures. Using OSINT tools and breach data analysis, we discovered a network of fake identities, past work credentials, and even a sanctioned foreign agent alias linked to the applicant.

尽管存在这些异常，但我们不想拒绝候选人。取而代之的是，我们的安全团队决定通过标准的招聘程序推进他们的智慧，并收集更多的智能。使用OSINT工具和漏洞数据分析，我们发现了一个伪造身份，过去的工作证书，甚至是与申请人相关的受批准的外国代理别名的网络。

The true scope of the deception unraveled during a final interview with me. As we reached the final stages of the interview process, we realized we needed to take additional steps to verify the applicant's identity. We asked them to show their ID, a request which they refused, and we posed a question of local trivia, which they failed to answer correctly. At this point, we were able to confirm that the applicant was an imposter.

在对我的最后一次采访中，欺骗的真正范围揭露了。当我们到达面试过程的最后阶段时，我们意识到我们需要采取其他步骤来验证申请人的身份。我们要求他们显示他们的ID，他们拒绝的请求，我们提出了当地琐事的问题，他们无法正确回答。在这一点上，我们能够确认申请人是冒名顶替者。

We notified the authorities and are working with our partners to mitigate any potential risk. We also want to thank the many people who helped us to identify and report this activity.

我们通知了当局，并正在与我们的合作伙伴合作以减轻任何潜在的风险。我们还要感谢许多帮助我们识别和报告这项活动的人。

This experience highlights a key challenge we're facing in crypto today. As attackers get more sophisticated, they're now walking through the front door, rather than just trying to breach the firewall. With AI now being used to create deep fakes and other forms of deception, we need to create more dynamic, real-time verification methods and foster a culture of security awareness across all departments of our organizations, not just IT.

这种体验突出了我们今天在加密货币中面临的关键挑战。随着攻击者变得越来越复杂，他们现在走过前门，而不仅仅是试图违反防火墙。现在，由于AI被用来创造深层假货和其他形式的欺骗，我们需要创建更具动态的，实时的验证方法，并促进组织各个部门的安全意识文化，而不仅仅是它。

Only by working together can we effectively combat this threat. We urge all companies and individuals in the crypto industry to be vigilant and take the necessary steps to protect themselves from North Korean hackers.

只有一起工作，我们才能有效地应对这一威胁。我们敦促加密行业的所有公司和个人保持警惕，并采取必要的步骤来保护自己免受朝鲜黑客的侵害。

We're also grateful for the work of our partners at Chainalysis and other industry peers who are helping to develop new tools and techniques for detecting and reporting malicious activity. Together, we can make a difference.

我们还感谢合作伙伴在链分析和其他行业同行的工作，他们正在帮助开发新的工具和技术来检测和报告恶意活动。在一起，我们可以有所作为。