Lazarus, a group of hackers reportedly backed by North Korea, would now target cryptocurrency and blockchain talent through the large professional social network LinkedIn.
According to a report by the Finnish cybersecurity and data protection company F-Secure, the latest Lazarus attack, came through a cryptocurrency-related job advertisement on the website. Their investigation found that a person working in the blockchain space received a phishing message mimicking a legitimate blockchain job offer.
The message contained an MS Word document entitled “BlockVerify Group Job Description” which ran malicious macro code when opened.
F-Secure determined that the document contained the same names, authors, and word count elements as the publicly available code from the leading Internet security website VirusTotal.. According to VirusTotal, the original malicious macro was created in 2019 and reported by 37 antivirus engines.
“The main purpose of the malware was to obtain credentials and allow access to the victim’s network, eventually reaching the system required to steal the cryptocurrency.”said a representative from F-Secure.
In the report, F-Secure highlighted that the Lazarus Group’s interests allegedly coincide with those of the Democratic People’s Republic of Korea (DPRK) government. According to the cybersecurity firm The DPRK’s cyber operations are also likely to target organizations and companies in industries outside of the cryptocurrency industry.
The Lazarus group is known for multiple attacks on the cryptocurrency industry. At the beginning of this year The hacking group used a variety of new viruses to steal cryptocurrencies from Mac and Windows users. Lazarus was also allegedly involved in nearly $ 600 million in cryptocurrency theft between 2017 and 2018.. The amount could represent almost 65% of the total cryptocurrencies stolen during the reporting period.
The latest news comes from a report by the US Army that North Korea now has more than 6,000 hackers dealing with cryptocurrency and cybercrime.