North Korean Lazarus Group Targets LinkedIn In yet Another Crypto-malware Campaign

The post North Korean Lazarus Group Targets LinkedIn In yet Another Crypto-malware Campaign appeared first on Coinpedia Fintech News

Lazarus, the world-famous North Korean hacker group, has brought their cyber espionage to cryptocurrency firms with their attempt to attack through sophisticated malware on Linkedin. This fact came into the open after an alert from SlowMist blockchain security analytics firm stating that Lazarus group might pose as blockchain developers searching for crypto-sector jobs.

As narrated in the SlowMist’s report, the hacker’s strategy is intricate. They trick vulnerable LinkedIn users into sending in personal information under the guise of job inquisition. The moment contact is established, the intruders make the victims download the code and turn it over to them for a possible code repair process. 

However, the code segments presented as innocent by Lazarus, show sophisticated capabilities of stealing money and sensitive information from the targets. The persistent attack defines a periodic function that is triggered at a fixed time: steal everything, which attempts to steal as much data as possible from the user’s device and upload it to a server controlled by the attacker.

Lazarus is known to use the latest emerging tactics

Lazarus has continued to deploy this method in its schedule, matching its previous schemes, for instance, when a similar trap was set as fake meta recruiters in December 2023. The victims received tasks such as coding challenges which were avenues to malware able to provide the hackers remote access to the victim’s network.

Lazarus Group’s wicked actions make up far more than just social engineering via LinkedIn. The various crypto heists performed by the group show that it has accumulated more than $3 billion in stolen cryptocurrencies since its inception. Well-known instances have been the $37 million theft from crypto payment platform CoinPaid and the very big $625 million hack of Ronin Bridge.

Cyber thefts reportedly fund up to 40% of WMD programs

Lazarus uses crypto mixing services to launder the stolen funds and move them back into North Korea, where reportedly it is used to advance the army.

The international security councils, in this regard, recognize the connection between the operations of Lazarus Group and North Korea’s unauthorized weapons of mass destruction (WMD) programs. A report from a U.N. panel of experts published last month revealed that an estimated 40% of North Korea’s weapons of mass destruction (WMD) were funded through illicit cyber means mostly stolen crypto.

The U.S. and the allies, in strong diplomatic moves, have taken in the broader picture, which shows that these cyber-initiatives have become a threat to national security. Enforcement measures such as sanctions against the crypto mixer Sinbad indicate clearly that the authorities do not tolerate actions that, in the case of Lazarus, enable illicit activities.

With the crypto sector still struggling to handle cyber security, assessment and amelioration of security procedures to defeat intelligent actors like Lazarus Group have been urged.