The infamous North Korean Lazarus group is back, and this time the hackers belonging to the group are targeting cryptocurrency organisations by sending phishing emails via Microsoft-owned LinkedIn.
According to the researchers at global cyber security firm F-Secure, a system administrator from the target organization received a phishing document via their personal LinkedIn account.
“The document masqueraded as a legitimate job advert for a role in a blockchain technology company that matched the employee’s skills,” F-Secure said in a statement.
Though the document on the target’s host had been altered to remove malicious content after execution, F-Secure assessed that the original document was the same, or similar to, a sample publicly available on internet security website VirusTotal.
According to data by VirusTotal, the original malicious content was created in 2019.
In 2019, F-Secure uncovered technical details on Lazarus Group’s modus operandi during an investigation of an attack on an organisation in the cryptocurrency vertical.
“Lazarus Group’s activities are a continued threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance among organisations operating in the targeted verticals,” the cyber security firm said.
Earlier this year, the hacker group stole cryptocurrency from Mac and Windows users.
Lazarus was also involved in stealing nearly $600 million worth of crypto between 2017 and 2018.
“There is evidence in recent reporting of Lazarus Group leveraging similar techniques to those observed in this campaign, such as the preference of LinkedIn as a delivery medium, to compromise organisations in other verticals,” F-Secure said.
“It is F-Secure’s assessment that the group will continue to target organisations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign”.
In July this year, reports surfaced that North Korea-based hackers had engaged in large-scale digital skimming activity since May 19, breaking into online stores like international fashion chain Claire's to insert malicious code that steals payment card details of users in the US and Europe.
In June, a ZDNet report said India was among six nations that may see a large cyber attack in the form of a Covid-19-themed phishing campaign from North Korean state hackers.
The attack is part of the Lazarus Group’s large-scale campaign targeting more than 50 lakh individuals and businesses, including small and large enterprises, across six countries: India, Singapore, South Korea, Japan, the UK and the US, according to the report.