
North Korean Lazarus Group Targets Crypto Firms via LinkedIn Malware Attacks

Last Updated: April 24, 2024

North Korean hacker group Lazarus is now using LinkedIn to target vulnerable users and steal their assets via targeted malware attacks. The incident came to light after blockchain security analytics firm SlowMist revealed that Lazarus Group hackers are pretending to look for jobs as blockchain developers in the cryptocurrency industry through LinkedIn.

Lazarus Hackers Impersonate Blockchain Developers to Steal Confidential Information

According to SlowMist, the hackers invite their targets to access a repository and run the relevant code, and then steal confidential employee credentials. The code snippets that are run contain malicious code that steals confidential information and then assets.

Using LinkedIn for targeted attacks is not a new methodology, and the North Korean hacker group used a similar tactic in December last year, posing as a fake Meta recruiter.

After contacting victims via LinkedIn, the fake recruiter requested that the targeted “applicants” download two coding challenges as part of the hiring procedure. These two coding files contained malware, and when they were run on a work computer, they released a Trojan that allowed remote access.

The infamous hacking group has stolen over $3 billion in crypto assets. It is among the most notorious and organized hacking groups; it first surfaced in 2009 and continues to target crypto firms despite numerous sanctions against it.

The hacking group is known for using innovative ways to target and steal funds. In August 2023, the group used fake job interviews to steal $37 million from crypto payment firm CoinsPaid. The hackers attempted to infiltrate CoinsPaid's infrastructure by targeting individuals through fake high-salary job offers.


The group has been responsible for some of the biggest heists in the crypto industry, the largest being the Ronin Bridge hack, in which $625 million was stolen.

The hacker group often uses crypto mixing services to launder its stolen funds back to North Korea, where, according to many reports, they are used to fund the country’s military operations.

Although crypto firms are often the target of these hacker groups, the decentralized nature of blockchain makes it difficult for them to move their funds. Once identified, they are often tracked and blocked with the help of crypto platforms.

In February 2023, Huobi and Binance froze $1.4 million worth of crypto assets linked to North Korea. Similarly, $63 million worth of assets linked to the Harmony Bridge hack was also frozen by crypto exchanges.


About the Author: Diana Ambolis
