The Lazarus Group – a cryptocurrency hacking organization allegedly based in North Korea – is once again searching for digital funds it has no right to, and this time, it’s utilizing social media and job hunting platform LinkedIn to get the job done.
Lazarus Is Stealing Crypto Through LinkedIn Ads
Among the latest victims to fall into Lazarus’ hands is F-Secure, a cryptocurrency organization. Thus far, about 14 separate businesses have been compromised in both the United States and the UK. What’s unique about these attacks is that they are occurring through advertisements on LinkedIn.
Cybersecurity researchers state that a phishing document is typically sent to companies’ personal LinkedIn accounts that advertise tools or products the blockchain firms Lazarus is targeting might want. If the document is opened, macros are enabled on the computer used to read it. These macros then permit malicious code to take over the network.
Researchers are confident that Lazarus is likely to keep this scam running for some time given how profitable cryptocurrency has become in recent weeks. Bitcoin, for example, has jumped into the $11,000 range, and is trading at its highest points since June of last year.
In a statement, the researchers claim:
It is the assessment of F-Secure that the group will continue to target organizations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign.
Lazarus may have been created in 2007 and is likely the result of numerous sanctions against North Korea, which has been reprimanded by the United States and other nations for its years of human rights abuses and nuclear activity. Thus far, the organization is deemed responsible for the WannaCry attacks, the heist of a Bangladesh-based bank that saw more than $80 million stolen, and the Hao Bao bitcoin theft that occurred two years ago.
Getting Rid of the Problem
Paul Rockwell, head of trust and safety at LinkedIn, says that he and his staff members are taking the threat very seriously, and are looking into how best to stop future attacks. He comments:
We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors to protect our members. We don’t wait on requests. Our threat intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies. Our teams utilize a variety of automated technologies, combined with a trained team of reviewers and member reporting to keep our members safe from all types of bad actors. We enforce our policies which are quite clear: the creation of a fake account or fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service.