According to reports from the blockchain security firm SlowMist on April 24, the Lazarus Group, a state-sponsored hacking collective associated with North Korea, has allegedly expanded its cyber operations to target individuals within the digital asset industry. SlowMist’s findings suggest that the Lazarus Group is actively engaging with LinkedIn users as part of its latest crypto hacking malware scheme.
In a statement posted to its X account, SlowMist revealed that the Lazarus Group is employing tactics involving LinkedIn to reach out to individuals working within the cryptocurrency sector. The group’s modus operandi reportedly involves the use of malware to exploit employee privileges or assets, effectively infiltrating the targeted organizations and siphoning valuable resources.
This development underscores the evolving tactics employed by sophisticated threat actors like the Lazarus Group to exploit vulnerabilities within the digital asset industry. By leveraging platforms like LinkedIn, the group aims to establish contact with industry insiders, potentially gaining access to sensitive information and assets.
The utilization of social engineering techniques on professional networking platforms like LinkedIn highlights the importance of vigilance and robust cybersecurity measures within the cryptocurrency sector. As threat actors continue to evolve their tactics, it is imperative for industry stakeholders to remain vigilant and implement comprehensive security protocols to safeguard against cyber threats and attacks.
North Korean hackers target cryptocurrency LinkedIn users.
According to the blockchain security company’s allegations, members of the Lazarus Group have been accused of engaging in a multifaceted strategy on LinkedIn. This strategy involves the creation of counterfeit profiles on the professional networking platform, through which they are purportedly reaching out to individuals occupying positions in human resources and hiring management roles within a wide array of blockchain-related organizations.
#Lazarus #APT The Lazarus group appears to be currently reaching out to targets via LinkedIn and steal employee privileges or assets through malware. #Lazarus #APT Lazarus 组织目前正通过 LinkedIn 联系加密货币行业的目标,并通过恶意软件窃取员工权限或资产。🧐
— 23pds (@im23pds) April 24, 2024
The modus operandi of the North Korean hackers extends beyond mere communication on LinkedIn. Allegedly, they employ a sophisticated tactic wherein they send unsuspecting victims a link purportedly showcasing their coding prowess. However, unbeknownst to the recipients, the link contains malicious code designed to exploit vulnerabilities in order to access the victim’s personal data.
SlowMist, in its assessment, noted that the initial declarations and dependency loading scripts embedded in the malicious link are intentionally designed to trigger errors immediately upon execution. This tactic aims to confound analyzers or automated tools attempting to identify the nefarious nature of the code. Furthermore, the code imports several Node.js modules and extracts critical environment variables and function definitions, including those pertaining to the operating system’s hostname, platform type, home directory, and temporary directories.
A particularly alarming aspect of the malware is the presence of a periodic function ominously named “stealEverything.” This function is programmed to execute periodically and systematically pilfer as much data as possible from the victim’s device. Subsequently, the stolen data is surreptitiously uploaded to a server controlled by the attacker, thereby facilitating the unauthorized extraction of sensitive information from unsuspecting victims.
The Lazarus Group’s connections to North Korea’s Weapons of Mass Destruction (WMD) program.
A recent report released by a panel of experts convened by the United Nations has brought to light a startling revelation: approximately 40% of North Korea’s Weapons of Mass Destruction (WMD) program is believed to have been financed through illicit cyber activities. At the forefront of these cyber operations is the notorious Lazarus Group, infamous for its brazen cyber heists that have resulted in the pilfering of over $3 billion worth of digital assets on a global scale.
Further corroborating these findings, a recent study conducted by blockchain intelligence firm TRM Labs has unearthed alarming statistics, indicating that North Korea’s authoritarian regime managed to siphon off more than $600 million in digital assets in the year 2023 alone. This staggering figure underscores the extent to which the country has leveraged cybercrime to bolster its illicit revenue streams.
Security officials from the United States and its allies have expressed grave concerns regarding the implications of North Korea’s state-sponsored malware initiatives, warning that these activities pose a significant threat to national security. Against this backdrop, high-level diplomatic discussions have ensued, with U.S. National Security Advisor Jake Sullivan convening a meeting with counterparts from South Korea and Japan to address the pressing issue of North Korea’s WMD program.
In response to these illicit activities, the United States has taken decisive action, imposing sanctions on crypto mixer Sinbad, which has been identified as a pivotal tool in facilitating the regime’s nefarious digital asset exploitation efforts. Deputy Secretary of the Treasury Wally Adeyemo emphasized the government’s unwavering commitment to combatting illicit activities in the digital asset ecosystem, underscoring the importance of responsible innovation while simultaneously reiterating the readiness to employ all available resources to thwart illicit actors.
As the international community grapples with the implications of North Korea’s cyber malfeasance, the question remains as to whether the Lazarus Group will face any political ramifications for its involvement in the latest crypto malware scheme. The answer to this remains uncertain, leaving observers to speculate on the potential consequences of these brazen cyber operations.
READ MORE ABOUT: Lazarus Group’s tactics evolve in crypto laundering through the use of bridge techniques.