Lazarus is attacking the crypto industry via LinkedIn, warns F-Secure

Published at: Aug. 25, 2020

Lazarus, a group of hackers allegedly backed by North Korea, is now reportedly targeting crypto and blockchain talent through the major professional social network LinkedIn.

According to a report by the Finnish cyber security and privacy firm F-Secure, the latest Lazarus attack was made through a crypto-related job advert on the site. The firm's investigation indicated that an individual working in the blockchain space received a phishing message that mimicked a legitimate blockchain job listing.

The message included an MS Word document titled “BlockVerify Group Job Description,” which executed malicious macro code when opened.

F-Secure found that the document shares the same names, authors, and word count elements as publicly available code from the major internet security website VirusTotal. According to VirusTotal data, the original malicious macro was created in 2019, with 37 antivirus engines having reported it.

“The purpose of the malware was mainly to fetch login credentials and provide access to the victim’s network, eventually to reach the system required to steal the cryptocurrency,” an F-Secure representative said.

In the report, F-Secure outlined that the Lazarus group’s interests reportedly align with those of the government of the Democratic People's Republic of Korea, or DPRK. According to the cybersecurity firm, DPRK’s cyber operations will likely target organizations and companies in verticals outside the crypto industry as well.

The Lazarus group is well known for multiple attacks on the crypto industry. Earlier this year, the hacker group reportedly deployed a series of new viruses to steal crypto from Mac and Windows users. Lazarus was also allegedly involved in stealing nearly $600 million worth of crypto between 2017 and 2018. The amount may have accounted for nearly 65% of the total crypto stolen during the period.

The latest news comes amid a report by the United States Army claiming that North Korea now has more than 6,000 hackers dedicated to crypto and related cybercrimes.
