Attackers impersonated legitimate venture capital firms on Telegram and launched sophisticated phishing attacks through the meeting-scheduling app Calendly.
The North Korea-backed hacking group Lazarus is increasingly targeting the cryptocurrency community through an extensive phishing operation on the popular messaging app Telegram, according to a December 6 update from blockchain security firm SlowMist.
The group’s new modus operandi includes impersonating high-profile venture capital figures from Archax, HashKey, and Gumi Cryptos to lure cryptocurrency teams with enticing investment proposals.
In this attack method, the hackers build trust with victims through constant messaging and then, under the guise of setting up a meeting, lure them into unknowingly running malicious scripts that carry out the phishing attack.
This confirms recent warnings from Alexandre Masmejean, CEO of creator crypto marketplace Showtime. Earlier this week, Masmejean said he was contacted by FBI agents who told him that Asian cybercriminals were posing as the head of the HashKey Singapore group and running malware on his computer.
SlowMist highlighted how hacker groups exploited Calendly’s “Add Custom Link” feature to embed malicious links in event pages for phishing purposes. These carefully disguised links blend seamlessly into the background, often evading suspicion.
Meanwhile, the security firm further identified a specific IP, 104.168.137.21, which is linked to various domains impersonating other projects. They remind everyone to remain vigilant and take preemptive measures to prevent potential risks associated with this malicious IP.
North Korea's Notorious Lazarus Group
North Korea’s Lazarus Group has siphoned about $3 billion from the cryptocurrency industry over the past few years. The Asian country is accused of funding these hackers to steal from crypto projects in order to finance its weapons programs.
The United States has traced several cryptocurrency breaches to wallets controlled by hackers linked to North Korea, such as the Ronin Bridge breach, which resulted in the theft of more than $600 million in assets.
The scale of these thefts is large: blockchain analysis firm Chainalysis estimates that North Korean hackers have stolen more than $3 billion in the past five years. This figure was further corroborated by South Korean intelligence, which reported that North Korea stole $1.2 billion in BTC and ETH in 2022 alone.