Recent reports show that the North Korean Lazarus hacker group is targeting vulnerable LinkedIn users with malware attacks to steal their assets.
The incident was disclosed by the blockchain security analytics firm SlowMist, which revealed that hackers from the Lazarus group were posing as blockchain developers in the cryptocurrency industry on LinkedIn.
According to SlowMist, the hackers stole sensitive employee credentials by granting targets access to the hackers' repository and getting them to execute the code in it. The code fragments contain malicious code that steals sensitive data and assets.
Targeted assaults utilizing LinkedIn are not novel; in December 2023, a North Korean hacker group employed a comparable strategy by impersonating a Meta recruiter.
After establishing contact via LinkedIn, the fraudulent recruiter asked the targeted “applicants” to obtain two coding challenges as part of the hiring process. The two coding files contained malware; when executed on a work computer, they released a Trojan that enabled remote access.
Lazarus has stolen cryptocurrency worth more than $3 billion. Since its inception in 2009, this highly infamous and well-coordinated hacking group has continued to target cryptocurrency companies despite facing numerous sanctions.
Stealing funds through creative targeting is a hallmark of Lazarus. In August 2023, the group stole $37 million from cryptocurrency payment company CoinsPaid using fabricated job interviews. To compromise the CoinsPaid infrastructure, the hackers made bogus high-paying employment offers to specific individuals.
The organization has been responsible for several of the most significant heists in the cryptocurrency industry. The largest compromise was the Ronin Bridge in 2022, which yielded $625 million in misappropriated funds.
Numerous reports indicate that the hacker group frequently launders its stolen funds back to North Korea via crypto mixing services; these funds are reportedly used to finance the country’s military operations.
Although criminal groups frequently target cryptocurrency firms, the decentralized nature of blockchain prevents them from transferring funds. Cryptocurrency platforms often assist in the monitoring and blocking of identified threats.
Huobi and Binance suspended at least $1.4 million in North Korea-related cryptocurrency assets in February 2023. Cryptocurrency exchanges similarly suspended assets valued at $63 million associated with the Harmony Bridge breach.