North Korean Lazarus Hacker Group Taps LinkedIn in Targeted Crypto Theft

On Apr 24, 2024 at 3:12 pm UTC

After establishing contact with the victim on LinkedIn, the hacker group asked applicants to “download” two coding challenges containing Trojan files.

According to the latest reports, North Korea’s notorious Lazarus Group is using professional social media platforms like LinkedIn to target users and steal their crypto assets by infecting them with malware. SlowMist, the popular blockchain security analytics firm, was the first to report that hackers at the Lazarus Group are pretending to search for jobs as blockchain developers in the crypto industry.

According to SlowMist, these hackers stole confidential employee information after being invited to access the target's repository to run the relevant code. The code snippets executed by the hackers contain malicious commands designed to illicitly acquire confidential data and assets.

Leveraging the LinkedIn platform for targeted attacks is not a new method. In December 2023, the Lazarus Group used a similar tactic while posing as a Meta recruiter.

After establishing contact with the victim on LinkedIn, the hacker group asked the applicants to “download” two coding challenges as part of the hiring process. These two files contained malware that, once run on the victim's computer, released a Trojan that gave the hackers remote access.

Lazarus Group’s History of Crypto Thefts

The North Korean hacker group Lazarus has been trying innovative ways to steal digital assets and has stolen more than $3 billion in assets so far. It is one of the most sophisticated and organized hacking groups, and it first surfaced in 2009. Despite multiple sanctions against it, Lazarus has continued to target cryptocurrency platforms time and again.

The hacking group employs inventive methods to target and pilfer funds. For instance, in August 2023, they orchestrated a scheme involving fabricated job interviews, resulting in the theft of $37 million from crypto payment firm CoinsPaid. By luring individuals with fraudulent high-paying job offers, the hackers sought to infiltrate CoinsPaid’s infrastructure.

Renowned for orchestrating some of the largest heists in the crypto realm, the group’s most notable exploit was the Ronin Bridge hack, which saw a staggering $625 million unlawfully obtained.

The Lazarus Group has often used crypto-mixing services to launder the stolen funds to North Korea. Previous reports suggested that Lazarus also used popular crypto mixers like Tornado Cash to launder its stolen crypto assets. Multiple reports suggested that North Korea has been using these funds to finance its military operations.

While crypto firms frequently fall victim to such hacker groups, the decentralized structure of blockchain poses challenges for fund movement. Identified perpetrators often face tracking and blocking by crypto platforms. For instance, in February 2023, Huobi and Binance took action by freezing $1.4 million worth of crypto assets associated with North Korea.
