The North Korean hacker group called Lazarus uses LinkedIn to launch targeted malware attacks on users and steal their crypto assets. This came to light after a disclosure by the blockchain security company SlowMist. The hackers posed as job seekers in the cryptocurrency industry, specifically interested in roles as blockchain developers.
Code with malicious elements in it
According to SlowMist, the hackers approach potential victims with requests for access to code repositories, ostensibly to execute relevant code. However, this code contains malicious elements designed to steal confidential information and property.
The Lazarus group has been using this strategy for some time; for example, in December 2023 they posed as a Meta recruiter. They contacted victims via LinkedIn and asked them to download two coding challenges as part of the recruitment process. These files contained malware that, once executed on work computers, installed a Trojan horse that allowed remote access.
Criminal activity shows an even broader pattern
These attacks are just part of a broader pattern of criminal activity by Lazarus, which has stolen more than $3 billion in crypto assets since it first emerged in 2009. The group also uses crypto mixing services to move the stolen funds to North Korea, where they are likely to be used to finance military operations.
Crypto exchanges such as Huobi and Binance have taken measures to block such funds; in February 2023, they together froze $1.4 million worth of suspect assets. These actions highlight the continued threat Lazarus poses to the cryptocurrency sector and the need for increased vigilance within the industry.
Source: https://newsbit.nl/noord-koreaanse-hackersgroep-lazarus-zet-linkedin-in-om-crypto-te-stelen/