After establishing contact with the victim on LinkedIn, the hacker group requested the applicants to “download” two coding challenges containing Trojan files.
As per the latest reports, North Korea’s notorious Lazarus Group is using professional social media platforms like LinkedIn to target users and steal their crypto assets via Malware infusion. SlowMist, the popular blockchain security analytic firm was the first to report revealing that hackers at the Lazarus Group are pretending to search for jobs as blockchain developers in the crypto industry.
As per SlowMist, these hackers stole confidential employee information after getting inviting access to their repository for running the relevant code. The code snippets executed by the hacker contain malicious commands designed to illicitly acquire confidential data and assets.
Leveraging the LinkedIn platform for targeted attacks is not a new method. Last year in December 2023, the Lazarus Group used a similar tactic while posing as a fake Meta recruiter.
After establishing contact with the victim on LinkedIn, the hacker group requested the applicants to “download” two coding challenges as part of their hiring process. These two coding files basically had the malware which after running through the computer allowed the release of a Trojan that facilitated remote access to the hackers.
Lazarus Group’s History of Crypto Thefts
The North Korean hacker group Lazarus has been attempting innovative ways to steal digital assets and stolen more than $3 billion in assets so far. It is one of the most sophisticated and organized hacking groups that surfaced for the first time in 2009. Despite multiple sanctions against it, Lazarus has continued to target cryptocurrency platforms time and again.
The hacking group employs inventive methods to target and pilfer funds. For instance, in August 2023, they orchestrated a scheme involving fabricated job interviews, resulting in the theft of $37 million from crypto payment firm CoinPaid. By luring individuals with fraudulent high-paying job offers, the hackers sought to infiltrate CoinsPaid’s infrastructure.
Renowned for orchestrating some of the largest heists in the crypto realm, the group’s most notable exploit was the Ronin Bridge hack, which saw a staggering $625 million unlawfully obtained.
The Lazarus Group has been often using crypto-mixing services in order to launder the stolen funds to North Korea. Previous reports suggested that Lazarus also used popular crypto mixers like Tornado Cash for laundering their stolen crypto assets. Multiple reports suggested that North Korea has been using these funds to fund its military operations.
While crypto firms frequently fall victim to such hacker groups, the decentralized structure of blockchain poses challenges for fund movement. Identified perpetrators often face tracking and blockage by crypto platforms. For instance, in February 2023, Huobi and Binance took action by freezing $1.4 million worth of crypto assets associated with North Korea.
next