Security Officer Warning from the Trading Platform: North Korean Hackers are the Biggest Threat to the Encryption Industry

On August 13, the Chief Security Officer of a certain trading platform stated that the platform receives a large number of forged resumes every day, and he is convinced that these resumes are written by potential North Korean attackers. In his view, state-level attackers from North Korea are the biggest threat facing companies in the current encryption industry. The security officer explained that North Korean attackers have been an issue throughout the eight-year operational history of the platform, but recently their attack methods have upgraded in the encryption field.

"The biggest threat to the encryption industry at the moment is nation-state attackers, particularly North Korea's Lazarus Group," he added. "Over the past two to three years, they have focused on the encryption field and have achieved considerable success in their operations." He also mentioned, "Almost all major North Korean hacking incidents involve a disguised employee assisting in carrying out the attacks."

North Korea's state-sponsored attackers have two other common methods of attack: embedding malicious code in public NPM libraries and issuing fake job invitations to encryption practitioners. NPM (Node Package Manager) libraries or packages are collections of reusable code commonly used by developers. Malicious attackers can copy these packages and insert a tiny line of malicious code, which can lead to severe consequences while maintaining the original functionality. Even if the malicious code is discovered only once, it can gradually infiltrate the system as developers build new features on top of it. To mitigate such risks, the trading platform must carefully review every line of code.

Major cryptocurrency exchange platforms will share security intelligence in instant messaging groups to identify libraries implanted with malicious code and emerging North Korean attack methods.