Lazarus Group Hacks for Crypto via LinkedIn Blockchain Job Posting

Shine Li   Aug 26, 2020 08:15

A hacking operation that is allegedly backed by North Korea has been reported to be targeting blockchain and cryptocurrency employees through LinkedIn.  

Malware Infiltrates LinkedIn

The group of cyber hackers, Lazarus, has been growing its online presence through its huge cyber-attack operations. Since 2017, the Lazarus ransomware group has accumulated over $571 million in stolen cryptocurrencies.

According to a report by Finnish cybersecurity firm F-Secure, the latest cyber-attack from Lazarus was conducted through the professional employment-oriented digital platform LinkedIn. Lazarus hackers targeted a blockchain and crypto industry employee through a phishing message. The message was presented as a legitimate blockchain job offer, and an MS Word document with the title “BlockVerify Group Job Description” was attached. Embedded in the MS Word document was malicious macro code, which launched automatically when the file was opened.

Hacking for Crypto

After further investigation, the cybersecurity threat intelligence team behind F-Secure revealed that the names, authors, and document details found in the “BlockVerify Group Job Description” document posted on LinkedIn shared the same publicly available code from VirusTotal, a huge malware and online URL scanning service. Data from VirusTotal confirmed F-Secure's suspicions of foul play, as findings revealed that the malicious macro code was originally created in 2019. Since then, 37 antivirus systems have already reported it.

The goal of releasing the malware was to obtain login credentials and use them to gain entry into the victim’s network. Through that crucial step, Lazarus could then invade the network digitally and steal cryptocurrency funds.

Furthermore, F-Secure disclosed that the Lazarus Group also shared interests similar to those of the government of North Korea. According to F-Secure cybersecurity experts, the cyber operations set in place by the Democratic People’s Republic of Korea will also very likely target organizations and companies that are not necessarily working within the realm of the crypto industry.

North Korea Has an Army of Hackers 

A tactical report recently presented by the US Army revealed that the North Korean government had more than 6,000 hackers dispersed throughout the world working for it. Countries that had North Korea-based hackers include Belarus, China, India, Malaysia, and Russia, to name a few.

The US has long been active in trying to put an end to North Korea’s widespread cryptocurrency-driven cybercrime campaigns and is still actively working on strategically obliterating the illicit online activities. 
