North Korean hacker who tried to get a job at US tech company caught red-handed - here's how

A North Korean hacker who attempted to infiltrate the ranks of a US tech company has been caught red-handed.

He had applied for an engineering role at the Kraken cryptocurrency exchange, which knew he was a malicious actor from the very start.

But instead of rejecting his CV, executives allowed him to advance through the recruitment process so they could gather intelligence about his tactics.

The first red flag emerged when the hacker joined a video call using a different name to the one on his resume, with his voice occasionally switching throughout the interview.

It was also discovered that the dodgy candidate's email address was linked to a large network of fake identities and aliases used by a hacking group.

Forensic examination of his ID showed that it appeared to have been altered - and may have featured details from victims of identity theft.

Traps were also set in the final interview, when the hacker was asked to verify their location and recommend nice restaurants in the city they claimed to live in.

Kraken said this caused the candidate to unravel - and they were unable to convincingly answer simple questions because they were flustered and caught off guard.

"By the end of the interview, the truth was clear: this was not a legitimate applicant, but an imposter attempting to infiltrate our systems," the company added.

Read more tech news:
M&S pauses recruitment amid cyber attack
UK heading for 'climate disaster'

Its chief security officer Nick Percoco has warned state-sponsored attacks are a "global threat" - and while some hackers break in, others try to walk through the front door.

Although artificial intelligence is making it easier to deceive businesses, he doesn't believe this technology is foolproof, as real-time verification tests can often wrong-foot fraudsters.

Research from the Google Threat Intelligence Group suggests this is a growing problem - with North Korean IT workers gaining employment at major companies in the US and Europe.

Their salaries help generate revenue for the secretive state - and in some cases, malicious actors also extort their employers by threatening to release commercially sensitive information.