The North Korean hacking group Lazarus has reportedly used the Microsoft-owned platform LinkedIn to target an unnamed cryptocurrency firm’s system administrator.
According to a report published by ZDNet, citing cybersecurity researchers from F-Secure, the Lazarus group managed to infect a cryptocurrency organization as part of a global campaign that targeted businesses in at least 14 countries, including the UK and the US.
The Lazarus group was reportedly created in 2017 in response to international sanctions against Pyongyang, and since its creation, it has focused on attacks against financial institutions. The group is credited with an $81 million heist on the Bank of Bangladesh, spreading the global WannaCry ransomware attack, and more.
In the cryptocurrency space, reports suggest Lazarus has stolen over $500 million worth of cryptocurrency from both exchanges and individuals. Earlier this year, the group was found to be using Telegram in a bid to steal cryptocurrency.
F-Secure’s researchers consider the cryptocurrency space profitable for hackers and, as such, expect the group to keep targeting users and businesses in the space.
It is F-Secure’s assessment that the group will continue to target organizations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign.
Lazarus’ most recent attack was made through LinkedIn. The hackers reportedly created a job ad on the platform to target the system administrator of an unnamed cryptocurrency organization with a phishing attack.
The attackers sent the target an email that enticed the victim to enable macros, which were hiding malicious code. As soon as the victim enabled them, malware was installed on their device. The malware included code to harvest credentials of cryptocurrency wallets and financial institutions stored on the machine.