Lazarus Group hackers launch new method for cyber attacks
The North Korean hacking group Lazarus Group used a fake LinkedIn profile to launch a cyber attack.
SlowMist’s information security director, 23pds, found that hackers from the Lazarus Group used a fake LinkedIn profile of an investment company employee.
The expert discovered the user ‘Nevil Bolson’, allegedly a founding partner of the blockchain-focused Chinese asset management firm Fenbushi Capital. The attackers stole a photo from the page of a real company representative, Remington Ong.
According to 23pds, the hackers use the fake page to look for software developers in the decentralized finance (DeFi) segment and then send them phishing links. The fake profile was linked to the Lazarus Group on the basis of matching IP addresses and a typical attack strategy.
According to a U.N. Security Council report, North Korean hackers often use phishing with social engineering techniques. Combined with extensive technical data about the target company's computer systems and the vulnerabilities present in them, this gives the group an opportunity to compromise private keys.
One of the Lazarus Group’s latest conquests was the gaming platform Munchables. In an attack on the platform, the group stole 17,500 Ethereum (ETH).
Crypto expert ZachXBT claims that, between 2020 and 2023, Lazarus Group laundered $200 million from more than 25 hacks, converting crypto to fiat. The expert concluded this by tracking 25 hacks interconnected across multiple blockchains and through mixers on centralized exchanges.
However, $374,000 of the stolen money was frozen in November 2023, and an undisclosed amount was frozen on centralized exchanges in the fourth quarter of 2023. Three of the four stablecoin issuers in the address group also froze another $3.4 million.