Lazarus Hacker Group Targets LinkedIn in Latest Crypto Heist: $3 Billion Pilfered
Summary:
The North Korean hacker collective Lazarus is now exploiting LinkedIn to infiltrate the crypto industry and steal assets through malware attacks. As disclosed by blockchain security firm SlowMist, the hackers pose as blockchain development job seekers and gain access to essential employee credentials. Despite the difficulties posed by blockchain's decentralized architecture, Lazarus has managed to steal over $3 billion in crypto assets over the years. Large-scale thefts are often followed by the use of crypto mixing utilities to move the stolen funds back to North Korea, where they are likely used for military endeavors. Major crypto platforms are pivotal in tracing and blocking such ill-gotten assets.
The notorious North Korean hacker collective Lazarus has shifted its tactics and is now exploiting LinkedIn in schemes to steal user assets through malware attacks. Blockchain security analysis firm SlowMist disclosed the scheme. The hackers masquerade as job seekers in the blockchain development sector on LinkedIn to infiltrate the cryptocurrency industry. According to SlowMist, once they gain access to an employee's repository under the guise of running pertinent code, they extract sensitive credentials. The code the attackers execute contains malicious components that steal important information and then the assets.
Using LinkedIn as an attack launchpad is not new for Lazarus. In a similar operation in the final month of the previous year, they posed as a Meta recruiter. After establishing contact with their victims through LinkedIn, the bogus recruitment exercise required candidates to download two coding challenges presented as central to the hiring process. Unbeknownst to the victims, these files were laced with malware and executed a Trojan that gave the attackers remote access to their work devices.
Having stolen more than $3 billion in crypto assets over the years, Lazarus, in existence since 2009, is recognized as one of the most tenacious and tactical hacker groups, and it continues to plague crypto firms despite extensive sanctions.
In August 2023, they escalated their efforts, using fake interviews for fictitious high-paying positions as their latest ploy to steal $37 million from the crypto payment company CoinsPaid. The attackers devised schemes to infiltrate CoinsPaid's infrastructure.
The group is credited with some of the most conspicuous heists in the crypto domain, the largest so far being the $625 million theft from Ronin Bridge. They often resort to crypto mixing utilities to covertly move the stolen funds back to North Korea. According to reports, these funds are channeled into military endeavors.
Although crypto firms regularly fall victim to such hacker groups, the decentralized architecture of blockchain poses hurdles to the illicit movement of the stolen funds. Once the hackers' activities surface, the funds are usually traced and blocked with assistance from crypto platforms. In one instance in February 2023, Huobi and Binance froze crypto assets worth $1.4 million attributable to North Korea. Similarly, crypto exchanges froze crypto assets worth $63 million from the Harmony Bridge hack.
Published At
4/24/2024 1:24:34 PM