In early 2025, Kraken’s security and recruitment teams discovered that a job applicant was in fact a North Korean state-sponsored hacker linked to the Lazarus Group. Rather than immediately rejecting the suspicious candidate, the teams advanced the individual through multiple interview rounds to observe tactics and gather intelligence. During the process, Kraken identified inconsistencies in the applicant’s resume, GitHub profile, voice patterns, use of VPN-masked Mac desktops, and altered identification documents. Subtle in-interview challenges, such as requests for local recommendations, exposed the candidate’s unfamiliarity with the claimed locale and confirmed malicious intent. While no customer or corporate data was stolen, Kraken expended significant investigative resources and devoted manpower to counter-espionage efforts. The operation ultimately yielded valuable insights into North Korea’s sophisticated infiltration methods, enabling Kraken to bolster its defenses. However, the episode underscored the rising risk of state-sponsored cyber actors posing as legitimate job seekers, prompting a reevaluation of hiring protocols across the cryptocurrency industry.
Source: https://cybersecuritynews.com/north-korean-hackers-infiltrate-kraken/
TPRM report: https://scoringcyber.rankiteo.com/company/seattlekraken
{
  "id": "sea000050625",
  "linkid": "seattlekraken",
  "type": "Cyber Attack",
  "date": "5/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Cryptocurrency',
                        'name': 'Kraken',
                        'type': 'Company'}],
 'attack_vector': 'Social Engineering',
 'date_detected': 'Early 2025',
 'description': 'In early 2025, Kraken’s security and recruitment teams '
                'discovered that a job applicant was in fact a North Korean '
                'state-sponsored hacker linked to the Lazarus Group. Rather '
                'than immediately rejecting the suspicious candidate, the '
                'teams advanced the individual through multiple interview '
                'rounds to observe tactics and gather intelligence. During the '
                'process, Kraken identified inconsistencies in the applicant’s '
                'resume, GitHub profile, voice patterns, use of VPN-masked Mac '
                'desktops, and altered identification documents. Subtle '
                'in-interview challenges, such as requests for local '
                'recommendations, exposed the candidate’s unfamiliarity with '
                'the claimed locale and confirmed malicious intent. While no '
                'customer or corporate data was stolen, Kraken expended '
                'significant investigative resources and devoted manpower to '
                'counter-espionage efforts. The operation ultimately yielded '
                'valuable insights into North Korea’s sophisticated '
                'infiltration methods, enabling Kraken to bolster its '
                'defenses. However, the episode underscored the rising risk of '
                'state-sponsored cyber actors posing as legitimate job '
                'seekers, prompting a reevaluation of hiring protocols across '
                'the cryptocurrency industry.',
 'impact': {'operational_impact': ['Significant investigative resources',
                                   'Devoted manpower to counter-espionage '
                                   'efforts']},
 'initial_access_broker': {'entry_point': 'Job Application'},
 'investigation_status': 'Completed',
 'lessons_learned': 'The episode underscored the rising risk of '
                    'state-sponsored cyber actors posing as legitimate job '
                    'seekers, prompting a reevaluation of hiring protocols '
                    'across the cryptocurrency industry.',
 'motivation': 'Espionage',
 'post_incident_analysis': {'corrective_actions': 'Bolstered defenses based on '
                                                  'gathered intelligence, '
                                                  'reevaluation of hiring '
                                                  'protocols',
                            'root_causes': 'Inconsistencies in the applicant’s '
                                           'resume, GitHub profile, voice '
                                           'patterns, use of VPN-masked Mac '
                                           'desktops, and altered '
                                           'identification documents.'},
 'response': {'containment_measures': ['Advanced the individual through '
                                       'multiple interview rounds to observe '
                                       'tactics and gather intelligence'],
              'remediation_measures': ['Bolstered defenses based on gathered '
                                       'intelligence']},
 'threat_actor': 'Lazarus Group',
 'title': 'North Korean State-Sponsored Hacker Attempts to Infiltrate Kraken',
 'type': 'State-Sponsored Hacker Infiltration',
 'vulnerability_exploited': 'Hiring Process'}