The Lazarus Group strikes again with a new crypto phishing scam aimed at LinkedIn users

According to SlowMist, Lazarus Group has taken to impersonating a partner of Fenbushi Capital on LinkedIn.

According to cybersecurity company SlowMist, the Lazarus Group—a hacker gang believed to be located in North Korea—conducted a complex phishing operation on LinkedIn imitating a partner of Fenbushi Capital.

The goal of this plan was to get unauthorised access to employee accounts in order to steal their cryptocurrency.

Since its founding in 2015, Shanghai-based blockchain venture capital firm Fenbushi Capital has been an innovator in backing groundbreaking initiatives on every continent. The firm’s prominence in sectors undergoing transformation, such as healthcare and banking, made it a tempting target for criminals.

The Chief Information Security Officer at SlowMist, who goes by the handle 23pds, claims that the Lazarus Group created fake LinkedIn accounts and used them to pose as partners of Fenbushi Capital. Under the pretence of investment possibilities or conference networking, they approached possible targets and began communicating with them.

A similar warning was previously issued by SlowMist last week. Lazarus Group is now using LinkedIn as a vector to infect users with malware in an effort to get access to sensitive corporate information or steal assets.

The operation was methodical in its deception. The hackers started by using LinkedIn to contact HR professionals and other high-ranking executives. They pretended to be looking for a job as a blockchain or React developer.

After that, they would get unsuspecting workers to check out their code repository and run a sample of their code as proof of their skills. The code was malicious: it was designed to undermine system security and make it easier for unauthorized users to gain access.

This is not the first time Lazarus Group has used LinkedIn in its operations. In one noteworthy incident in July 2023, someone at CoinsPaid in Estonia was tricked into downloading a malicious file.

This happened during a video interview that purported to be for a job. As a result of this security breach, $37 million was stolen from CoinsPaid.

“The assault happened in a flash. Experts in their field,” Pavel Kashuba, co-founder of CoinsPaid, said. Groups like Lazarus have perfected their techniques for laundering stolen assets, according to further research from Chainalysis. North Korean hackers have moved on to other technology following the takedown of famous mixers like Sinbad and the sanctioning of Tornado Cash.
