North Korean hacking group using LinkedIn to attack crypto firms


The infamous North Korean Lazarus group is back, and this time the hackers belonging to the group are targeting cryptocurrency organizations by sending phishing emails via Microsoft-owned LinkedIn.

According to the researchers at global cybersecurity firm F-Secure, a system administrator from the target organization received a phishing document via their personal LinkedIn account.

“The document masqueraded as a legitimate job advert for a role in a blockchain technology company that matched the employee’s skills,” F-Secure said in a statement.

Though the document on the target’s host had been altered to remove malicious content after execution, F-Secure assessed that the original document was the same as, or similar to, a sample publicly available on the internet security website VirusTotal.

According to data by VirusTotal, the original malicious content was created in 2019.

In 2019, F-Secure uncovered technical details on Lazarus Group’s modus operandi during an investigation of an attack on an organization in the cryptocurrency vertical.

“Lazarus Group’s activities are a continued threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance among organizations operating in the targeted verticals,” the cybersecurity firm said.

Earlier this year, the hacker group stole cryptocurrency from Mac and Windows users.

Lazarus was also involved in stealing nearly $600 million worth of crypto between 2017 and 2018.

“There is evidence in recent reporting of Lazarus Group leveraging similar techniques to those observed in this campaign, such as the preference of LinkedIn as a delivery medium, to compromise organizations in other verticals,” F-Secure said.

“It is F-Secure’s assessment that the group will continue to target organizations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign.”

In July this year, reports surfaced that North Korea-based hackers had engaged in large-scale digital skimming activity since May 19, breaking into online stores like international fashion chain Claire's to insert malicious code that steals payment card details of users in the US and Europe.

In June, a ZDNet report said India was among six nations that may see a large cyber attack in the form of a Covid-19-themed phishing campaign from North Korean state hackers.

“The attack is part of the Lazarus Group’s large-scale campaign targeting more than 50 lakh individuals and businesses, including small and large enterprises, across six countries: India, Singapore, South Korea, Japan, the UK, and the US,” according to the report.
