Lazarus is using LinkedIn to send phishing emails and attack crypto firms

The infamous North Korean Lazarus group is back and this time, the hackers belonging to the group are targeting cryptocurrency organisations by sending phishing emails via Microsoft-owned LinkedIn.

According to the researchers at global cyber security firm F-Secure, a system administrator from the target organization received a phishing document via their personal LinkedIn account.

"The document masqueraded as a legitimate job advert for a role in a blockchain technology company that matched the employee's skills," F-Secure said in a statement.

Though the document on the target's host had been altered to remove malicious content after execution, F-Secure assessed that the original document was the same, or similar to, a sample publicly available on internet security website VirusTotal.

According to data by VirusTotal, the original malicious content was created in 2019.


In 2019, F-Secure uncovered technical details on Lazarus Group's modus operandi during an investigation of an attack on an organisation in the cryptocurrency vertical.

"Lazarus Group's activities are a continued threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance among organisations operating in the targeted verticals," the cyber security firm said.

Earlier this year, the hacker group stole cryptocurrency from Mac and Windows users.

Lazarus was also involved in stealing nearly $600 million worth of crypto between 2017 and 2018.

"There is evidence in recent reporting of Lazarus Group leveraging similar techniques to those observed in this campaign, such as the preference of LinkedIn as a delivery medium, to compromise organisations in other verticals," F-Secure said.

"It is F-Secure's assessment that the group will continue to target organisations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign".

In July this year, reports surfaced that North Korea-based hackers have engaged in large-scale digital skimming activity since May 19, breaking into online stores such as international fashion chain Claire's to insert malicious code that steals the payment card details of users in the US and Europe.

In June, a ZDNet report said India was among six nations that may see a large cyber attack in the form of a Covid-19-themed phishing campaign from North Korean state hackers.

The attack is part of the Lazarus Group's large-scale campaign targeting more than 50 lakh individuals and businesses, including small and large enterprises, across six countries: India, Singapore, South Korea, Japan, the UK and the US, according to the report.
