Security

Lazarus Group Strikes Again: New Crypto Phishing Scam Targets LinkedIn Users

Cybersecurity firm SlowMist has uncovered a sophisticated phishing operation by the Lazarus Group, a hacker collective allegedly based in North Korea, which involved impersonating a partner of Fenbushi Capital on LinkedIn.

This scheme aimed to exploit employee access and steal their valuable crypto assets.

Crypto Phishing Attacks Escalate as Lazarus Group Targets LinkedIn

Fenbushi Capital, a blockchain venture capitalist based in Shanghai since 2015, has been at the forefront of supporting innovative projects across continents. The firm’s name and reputation in reshaping industries like finance and healthcare made it an attractive front for bad actors.

According to SlowMist’s Chief Information Security Officer, who goes by the pseudonym 23pds, the Lazarus Group crafted false identities on LinkedIn, masquerading as Fenbushi Capital partners. They initiated contact with potential targets under the guise of investment opportunities or networking at conferences.

Read more: Crypto Scam Projects: How To Spot Fake Tokens

“Watch out for the Lazarus attack on the fake Fenbushi Capital on LinkedIn!” 23pds alerted.

Last week, SlowMist already made a similar alert. The company discovered that Lazarus Group currently targets individuals via LinkedIn to steal employee privileges or assets through malware.

The method of operation was systematically deceptive. First, the hackers approached high-level executives or HR personnel through LinkedIn. They pose as job seekers specialized in React or blockchain development.

They would then encourage the unsuspecting employees to view their coding repository and execute a code demonstrating their proficiency. However, this code was malicious, designed to compromise system security and facilitate unauthorized access.

This strategy was not Lazarus Group’s first venture using LinkedIn as a tool for its activities. In a notable incident from July 2023, a programmer at CoinsPaid in Estonia was duped into downloading a malicious file.

The event occurred during what was posed as a job interview over a video link. This lapse in security led to a devastating $37 million theft from CoinsPaid.

“The attack itself was very quick. They are professionals,” Pavel Kashuba, co-founder of CoinsPaid, remarked.

Further analysis by Chainalysis highlights that groups like Lazarus have adapted and refined their methods for laundering stolen funds. Following the takedown of popular mixers like Sinbad and the sanctioning of Tornado Cash, North Korean hackers have shifted to newer technologies.

They now use the Bitcoin-based mixer YoMix to obscure their transactions.

Read more: Top 7 Tornado Cash Alternatives in 2024

Lazarus Group’s Newest Tactics using YoMix.io. Source: Chainalysis

Using advanced laundering techniques such as chain hopping and cross-chain bridges, Lazarus Group has continued to enhance its strategies. They aim to evade detection and maximize the value extracted from illicit activities.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *