The notorious North Korean-backed hacker group Lazarus Group appears to have stepped up its scam activities against the cryptocurrency industry, using the professional social networking platform LinkedIn. The threat has been detailed in a report by leading information security firm SlowMist.

Lazarus Group, infamous for its sophisticated cybercrime activities, is now conducting phishing attacks by impersonating prominent figures in the cryptocurrency industry, threatening the security of individuals and organizations.

Fraudulent Identity and Phishing Schemes

A discovery published by SlowMist’s CISO on Platform X revealed how the Lazarus group masqueraded as high-profile individuals from institutions including Fenbushi Capital. By impersonating executives from these institutions, the hackers gained undue trust.

For example, a fake profile identified as “Nevil Bolson”, claiming to be a founding partner of Fenbushi Capital, was used to mislead victims. The profile even used a photo of Remington Ong, a real partner of Fenbushi Capital, to lend credibility to the fraud.

This tactic is extremely effective; once trust is established, cybercriminals deploy malicious links disguised as harmless communications, such as meeting invitations or event pages.

Unsuspecting victims, believing they were interacting with an official contact, were tricked into clicking on these links, resulting in the installation of malware designed to steal important information and digital assets.

Impersonation is no longer just about mimicking an identity. The Lazarus hacker group has expanded its scams and reach by upgrading its phishing tactics to include fake job or investment opportunities.

Under the guise of a recruitment process, they send malware-embedded coding challenges or job application documents that install Trojans when executed. These give the attackers remote access to the victim's system, enabling them to conduct mass data theft and financial fraud.

Notably, the intensified surge in sophisticated phishing tactics on platforms like LinkedIn indicates a significant shift in how cybercriminals are targeting the crypto industry. The involvement of these platforms in cybersecurity breaches points to an urgent need for increased vigilance and strong security protocols within the industry.

The Economic Impact of the Lazarus Cryptojacking Attack

The activities of groups like Lazarus threaten the safety of individuals and affect the country’s economic sectors. According to UN estimates, such cyber operations account for approximately 50% of North Korea’s foreign exchange earnings, which play a major role in funding its weapons development programs.

This discovery reveals the broader geopolitical implications behind cryptocurrency thefts, which serve as a significant revenue source for state-sponsored activities. Additionally, the evolving tactics of these hackers show that while traditional cyberattack methods may have been effectively fended off, adversaries continue to adapt and change tactics.

Chainalysis’ latest analysis highlights a clear trend: while the total value stolen from these cyber breaches has decreased, the frequency and sophistication of attacks continue to increase.