Blockchain security analytics firm SlowMist recently uncovered a concerning trend involving North Korean hacking group Lazarus, which has been using LinkedIn to target vulnerable users and steal their assets through malware attacks. In this scheme, hackers posed as blockchain developers seeking job opportunities in the cryptocurrency industry on LinkedIn. Once invited to access repositories, and under the guise of running relevant code, the hackers injected malicious code into the snippets, ultimately stealing confidential employee credentials and assets.
This strategy isn't novel: a similar tactic was employed in December 2023 by another North Korean hacking group masquerading as Meta recruiters. Following contact via LinkedIn, the fraudulent recruiter would prompt the victim to download coding challenges purportedly for the recruitment process. However, these files harbored malware, which installed Trojans upon execution and thereby granted the hackers remote access.
Lazarus, notorious for its sophisticated and organized cyberattacks, has a history of targeting cryptocurrency companies despite international sanctions. The group's audacious schemes have resulted in the theft of over $3 billion in crypto assets. One of their notable exploits involved orchestrating fake job interviews to breach the infrastructure of a crypto payments company, resulting in a $37 million heist. Lazarus' criminal activities extend beyond theft, with reports indicating that laundered funds are channeled back to North Korea to finance military operations.
While cryptocurrency companies are prime targets for hacking groups, the decentralized nature of blockchain complicates fund movement, making it challenging for attackers to obfuscate their trails. Nevertheless, swift action from cryptocurrency exchanges, such as freezing North Korea-related assets worth millions of dollars, has proven effective in thwarting illicit activities. In February 2023, exchanges like Huobi and Binance took action by freezing $1.4 million worth of North Korea-related crypto assets, demonstrating a proactive approach to combatting cyber threats.


















