Here's How The North Korean Lazarus Group Can Steal Your Crypto—Via LinkedIn

North Korea's Lazarus hacker group has shifted focus to targeting crypto users through LinkedIn, masquerading as job-seeking blockchain developers to gain access to companies.

Key Insights

  • North Korea's Lazarus hacker group is now targeting crypto users on LinkedIn.

  • They pose as job-seeking blockchain developers to infiltrate companies.

  • They send malicious code disguised as coding samples to steal information and assets.

  • This follows a similar attack in 2023 where they used fake Meta recruitment to spread malware.

  • The group has stolen over $3 billion in crypto assets according to estimates, and will likely continue to steal more.

The notorious North Korean hackers who call themselves the Lazarus group have been a nightmare for cybersecurity experts since the group first emerged in 2009.

This group is known for being responsible for some of the most devastating and high-profile hacks so far.

As crypto has become more popular over the years, the group has increasingly gone after crypto users, companies and platforms.

This time around, there have been reports that the group has figured out a way to steal crypto from unsuspecting targets via LinkedIn.

Let’s see how this new scam works.

The Crypto LinkedIn Scam Connection

Anyone who has ever gone on a job hunt before would have used LinkedIn at some point.

It appears that the Lazarus group realizes this too, and has now shifted their focus towards blockchain firms.

According to a CISO/Security Researcher from the on-chain cybersecurity firm SlowMist, members of the Lazarus group now pose as blockchain developers seeking employment.

The new Modus Operandi

They do this by gaining access to vulnerable users’ profiles on LinkedIn, before using their identities to infiltrate and ultimately wipe wallets clean.

Here’s how they do it.

First, they target a company and then contact its company managers or HR personnel.

Then they claim to be looking for React or blockchain developers.

Then the attacker says something like “I am an experienced job seeker and I have written code. You can visit my repository and run the following code to see how good I am.”

Then they send the company manager some malicious code and ask them to deploy/run it on their end.

Once this code is deployed, the virus goes to work, stealing confidential information and assets from the unsuspecting victims.

The Victim’s Déjà Vu

It turns out that this isn’t the first time that the Lazarus group has used social platforms for its nefarious purposes.

Last year, Forbes reported something similar, when one of the Lazarus group’s members posed as a fake recruiter from Meta (formerly known as Facebook).

This group member then connected with potential victims seeking employment, asking them to download two coding challenges as part of the hiring process.

When these job seekers downloaded these “tasks”, they turned out to be filled with malware that, when executed, granted the hacker backdoor access to the victim’s system.

As of this year, the Lazarus group has managed to steal over $3 billion worth of crypto assets, according to cybersecurity firm Recorded Future.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.
