North Korean hackers Lazarus Group used a fake LinkedIn profile to launch a cyber attack.
SlowMist’s director of information security, 23pds, found that hackers from the Lazarus Group were using the fake LinkedIn profile of an investment firm employee.
The expert discovered a user named ‘Nevil Bolson’, who claimed to be the co-founder of the blockchain-focused Chinese asset management company Fenbushi Capital. The attackers stole a photo from the page of Remington Ong, a real company representative.
According to 23pds, the hackers are using the fake page to search for software developers in the decentralized finance (DeFi) segment and send them phishing links. The fake profile was linked to the Lazarus Group thanks to matching IP addresses and a typical attack strategy.
North Korean hackers often use phishing in combination with social engineering techniques, according to a report by the UN Security Council. Combined with extensive technical data about the company’s computer systems and existing vulnerabilities, this gives the group the opportunity to compromise private keys.
One of the Lazarus Group’s latest conquests was the Munchables gaming platform. In the attack on the platform, the group stole 17,500 Ethereum (ETH).
Crypto expert ZachXBT claims that Lazarus Group laundered $200 million between 2020 and 2023 through more than 25 crypto-to-fiat attacks. The expert came to this conclusion by tracking 25 hacks that were linked through mixers across multiple blockchains and centralized exchanges.
However, $374,000 of the stolen money was frozen in November 2023, and an undisclosed amount was frozen on centralized exchanges in the fourth quarter of 2023. Three of the four stablecoin issuers in the address group also froze another $3.4 million.