Hacker Group Attacking Blockchain Firms Through LinkedIn

  • The group used fake job postings on the social network to enable the scheme.
  • The job offers would contain a document that would execute malicious code when opened, implanting malware and extracting crypto-related information.

LinkedIn office in Toronto, Canada on 2 June, 2016. Wikimedia Commons

A hacker group known as Lazarus, allegedly backed by North Korea, could be targeting firms in the crypto and blockchain sectors through LinkedIn, cyber security firm F-Secure said in a press release on 25 August.

According to the report published by the Finnish firm, the latest phishing attack made by Lazarus was through a crypto-related job offering on the LinkedIn social network. The group used the platform to send a message to a systems administrator at a crypto firm, bearing a fake job offer document which, once downloaded and opened, gave the hackers a backdoor into the company's network.

F-Secure’s Director of Detection and Response, Matt Lawrence, said:

“Our research, which included insights from our incident response, managed detection and response, and tactical defense units, found that this attack bears a number of similarities with known Lazarus Group activity, so we’re confident they were behind the incident.”

The MS Word document, titled “BlockVerify Group Job Description”, would execute a malicious macro when opened. Once the group had access, it used backdoor network implants and malware to locate and extract any crypto wallet information and bank account details it could find. It also appears that the attack, which was carried out in 2019, is part of a bigger campaign.
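The delivery vehicle here was a macro-carrying Word document. As an added defender-side example (not code from F-Secure's report or the article), the following Python inspects an OOXML file for an embedded VBA project and for the macro-enabled content type, the two indicators a mail gateway or quarantine tool can check without ever opening the file in Word. The `build_sample` helper constructs an inert test container; it is not a real Office document and carries no macro code.

```python
import io
import zipfile

# Content types Office assigns to macro-enabled Word documents.
MACRO_ENABLED_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
)

def inspect_office_document(data: bytes) -> dict:
    """Return VBA indicators for an OOXML (.docx/.docm) file given as bytes,
    so it can run on a gateway or quarantine copy without opening Word.
    Legacy OLE2 .doc files are out of scope (oletools' olevba covers them)."""
    result = {"is_ooxml": False, "has_vba_project": False,
              "macro_enabled_content_type": False, "suspicious": False}
    if not data.startswith(b"PK\x03\x04"):
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            result["is_ooxml"] = "[Content_Types].xml" in names
            # The VBA project is stored as a binary part under word/.
            result["has_vba_project"] = any(
                n.lower().endswith("vbaproject.bin") for n in names)
            if result["is_ooxml"]:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                result["macro_enabled_content_type"] = any(
                    t in ctypes for t in MACRO_ENABLED_TYPES)
    except zipfile.BadZipFile:
        return result
    # Either indicator alone justifies sandboxing instead of delivery.
    result["suspicious"] = (result["has_vba_project"]
                            or result["macro_enabled_content_type"])
    return result

def build_sample(with_macro: bool) -> bytes:
    """Constructed test input: a minimal OOXML container, optionally with an
    inert placeholder vbaProject.bin. Not a real Office file."""
    main_type = (MACRO_ENABLED_TYPES[0] if with_macro else
                 "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    ctypes = ('<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats'
              '.org/package/2006/content-types"><Override PartName="/word/'
              f'document.xml" ContentType="{main_type}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()
```

A file flagged as suspicious should be routed to detonation or blocked; a clean verdict only means no VBA project was found in the container, not that the document is safe.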

Lawrence said:

“The evidence also suggests this is part of an ongoing campaign targeting organizations in over a dozen countries, which makes the attribution important. Companies can use the report to familiarize themselves with this incident, the TTPs, and Lazarus Group in general, to help protect themselves from future attacks.”

Allegedly connected to the Democratic People’s Republic of Korea (DPRK), the hacker group is well known in the crypto space. Earlier this year, cyber security firm Kaspersky released a report claiming that the group had doubled down on its efforts to infect Mac and Windows users, using a modified malware. The group was also allegedly involved in the theft of nearly $600 million in crypto between 2017 and 2018.
