Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Employee Falls for Fake Job Interview Over Skype


Recommended Posts

Employee Falls for Fake Job Interview Over Skype, Gives North Korean Hackers Access to Chile's ATM Network: Report

Victoria Song - Wednesday 11:50am


The one thing no one expects on a job interview is North Korean hackers picking up on the other line. But that’s apparently exactly what happened to a hapless employee at Redbanc, the company that handles Chile’s ATM network.

The bizarre story was reported in trendTIC, a Chilean tech site. A Redbanc employee found a job opening on LinkedIn for a developer position. After setting up a Skype interview, the employee was then asked to install a program called ApplicationPDF.exe on their computer, trendTIC reports. The program was reportedly explained to be part of the recruitment process and generated a standard application form. But it was not an application form, it was malware.

Because the malware was then installed on a company computer, the hackers reportedly received important info about the employee’s work computer, including username, hardware and OS, and proxy settings. With all that info, the hackers would then be able to later deliver a second-stage payload to the infected computer.

As for the link to North Korea, an analysis by security firm Flashpoint indicates the malware utilized PowerRatankba, a malicious toolkit associated with Lazarus Group, a hacking organization with ties to Pyongyang. If you haven’t heard of these guys, you’ve definitely heard of the stuff they’ve been up to. Also known as Hidden Cobra, the Lazarus Group is linked with the Sony hack in 2014 and the WannaCry 2.0 virus, which infected 230,000 computers in 150 countries in 2017. They’re also known for targeting major banking and financial institutions and have reportedly absconded with $571 million in cryptocurrency since January 2017.

The hack reportedly took place at the end of December, but it was only made public after Chilean Senator Felipe Harboe took to Twitter last week to blast Redbanc for keeping the breach secret. Redbanc later acknowledged the breach occurred in a statement, but the company failed to mention any details.


Link to comment
Share on other sites

  • 4 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...