Lazarus, a group of North Korean hackers, has targeted crypto and blockchain professionals through LinkedIn, the major professional social network.
Finnish cybersecurity and privacy firm F-Secure reported that the latest Lazarus attack was delivered through a crypto-related job advert on the site.
Its investigation indicated that an individual working in the blockchain space received a phishing message that mimicked a legitimate blockchain job listing.
The message included an MS Word document titled “BlockVerify Group Job Description,” which executed malicious macro code when opened.
The #Lazarus hacker group is targeting crypto talent via LinkedIn, according to an investigation by @FSecureLabs https://t.co/Qmy7WQR2Jd — Cointelegraph (@Cointelegraph) August 25, 2020
According to the report, F-Secure found that the document shares the same names, authors, and word-count elements as publicly available code from VirusTotal, a major internet security website.
According to VirusTotal data, the original malicious macro was created in 2019, and 37 antivirus engines have reported it.
An F-Secure representative said:
“The purpose of the malware was mainly to fetch login credentials and provide access to the victim’s network, eventually to reach the system required to steal the cryptocurrency.”
In the report, F-Secure also outlined that the Lazarus group's interests reportedly align with those of the government of the Democratic People's Republic of Korea (DPRK).
According to the cybersecurity firm, the DPRK's cyber operations will likely target organizations and companies in verticals outside the crypto industry as well.
The Lazarus group is well known for multiple attacks on the crypto industry.
The latest news comes amid a report by the United States Army claiming that North Korea now has more than 6,000 hackers dedicated to crypto and related cybercrimes.