Blockchain and cryptocurrency professionals on LinkedIn face a new phishing threat disguised as crypto-related job offers advertised on the platform.
A new report by Finland-based cybersecurity firm F-Secure has linked the attack to Lazarus, one of the most infamous and allegedly state-backed North Korean hacking groups, which targets organizations globally for financial gain.
F-Secure stated that unsuspecting professionals received a fake blockchain job listing message that included a Word document with embedded malicious code. F-Secure found that certain details of the document, such as word count, authors, and names, were similar to malware previously archived by the VirusTotal internet security website.
The report said that the malware would execute upon opening the document and fetch important information from the victim’s computer or phone, such as logins to crypto wallets, and steal crypto funds.
F-Secure further ascertained that the attack was meticulously calculated, with Lazarus going to great lengths to cover its tracks by trying to erase any traces that could be linked back to the hackers.
“Lazarus Group invested significant effort to evade the target organization’s defenses during the attack, such as by disabling anti-virus software, on the compromised hosts, and removing evidence of their malicious implants.”
Lazarus Group Is Expanding Attacks in the Crypto Space
While Lazarus has been linked to multiple large-scale attacks on many institutions in the past, including banks, this is the second time that the group has directly targeted the crypto industry.
In October 2019, Lazarus used a fake cryptocurrency exchange to target Apple Mac users by creating a backdoor into their computers.
The firm is now advising targeted organizations to use the information to protect their networks and slow down the hackers in the future, which will also raise their cost of operations.
“It is F-Secure’s assessment that the group will continue to target organizations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign.”
Lazarus Is Part of North Korea’s Army of Hackers
Lazarus, along with two other hacking groups, Andariel and Bluenoroff, is alleged to be under the control of the North Korean Intelligence Bureau. In September 2019, the US Treasury announced sanctions on all three groups following their multiple attacks on institutions in the US, Canada, Europe, Australia, Japan, and more.
The US government has also accused the Lazarus group of being behind the large-scale 51% cryptocurrency attacks that saw the hackers net over $571 million across different exchanges. Some of their best-known malware includes WannaCry ransomware and Cryptoworm.
A report released in July stated that North Korea has an army of over 6000 hackers who are trained to carry out different kinds of cyber-attacks. While no arrests have ever been made, the groups have repeatedly managed to make away with hundreds of millions, which the UN says North Korea uses to fund its nuclear weapons program.