Lazarus Group Targeting LinkedIn Users As Part Of North Korea Crypto Hacking Scheme

Author: CoinSense

North Korea’s state-sponsored hacking collective Lazarus group is reportedly targeting LinkedIn users in the digital asset industry as part of its latest crypto hacking malware attempt, blockchain security firm SlowMist alleged on April 24.

“The Lazarus Group is currently contacting cryptocurrency industry targets through LinkedIn and stealing employee privileges or assets through malware,” SlowMist posted to its X account

North Korean Crypto Hacking Group Targeting LinkedIn Users

The blockchain security company alleged that Lazarus Group members were creating fake profiles on the networking site, reaching out to human resources personnel, and hiring managers in various blockchain-related organizations. 

From there, the North Korean hackers send a link with code in an attempt to show off their coding abilities. In reality, the cryptography contains dangerous malware to exploit the victim’s personal data.

“Initial declarations and dependency loading scripts throw errors immediately when they start, probably to confuse analyzers or automated tools,” SlowMist stated. “Several Node.js modules are imported, and environment variables and function definitions define the operating system’s hostname, platform type, home directory, and temporary directories.

A periodic function, aptly named “stealEverything,” then “attempts to steal as much data as possible from the user’s device and upload it to a server controlled by the attacker.”

Lazarus Group’s Ties To North Korea’s WMD Program

A report from a U.N. panel of experts published last month revealed that an estimated 40% of North Korea’s weapons of mass destruction (WMD) were funded through “illicit cyber means.”

Lazarus Group has stolen over $3 billion worth of digital assets globally to date.

A recent blockchain intelligence firm TRM Labs report found that the authoritarian country stole over $600 million in 2023 alone.

Security officials from the U.S. and its allies believe the country’s state-sponsored malware initiatives may threaten national security.

In December, U.S. advisor of National Security, Jake Sullivan, held a meeting with diplomatic counterparts from South Korea and Japan in which they discussed North Korea’s WMD program.

Last year, the U.S. sanctioned crypto mixer Sinbad, a “key money-laundering tool” for the regime’s digital asset exploitation efforts.

“The Treasury Department and its U.S. government partners stand ready to deploy all tools at their disposal to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities,” Deputy Secretary of the Treasury Wally Adeyemo said following the enforcement action. “While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors.”

It’s unclear whether the Lazarus Group will face any political repercussions over its latest crypto malware scheme.