The Lazarus Group has made a name for itself through several hacks and its many reported links to the North Korean government. Already linked by many to planned cyberattacks, the group now appears to be gearing up for an onslaught against the crypto industry.
Stealing Users’ Confidential Information
This week, Finnish cybersecurity firm F-Secure explained in a report that the Lazarus Group has started using professional job portal LinkedIn to target blockchain and crypto talent. Per the report, the group has started posting fake job listings on the site in the hope of stealing information from the people it targets.
F-Secure’s investigation came after someone working in the blockchain sector reported a phishing email that looked like a legitimate job posting. The posting included a document titled “BlockVerify Group Job Description.” Once opened, the document launched a malware attack instantly.
The cybersecurity company managed to trace the document’s characteristics. They found that it was strikingly similar to publicly available code on the internet security portal VirusTotal. Per data on the virus, it was built last year and has gotten reports from 37 antivirus engines.
A representative from F-Secure explained that the malware’s objective is to fetch login credentials from victims. The hackers will use these credentials to access the victim’s network and find ways to steal cryptocurrencies.
The cybersecurity company also shared the sentiment that the group had been doing this at North Korea’s behest. As it explained, the secluded nation has turned its attention to corporations in and out of the crypto industry.
Lazarus Group’s Links with North Korea
North Korea’s exploits with stealing cryptocurrencies and hacking foreign entities have been well-documented. The Asian country has been the recipient of significant economic sanctions from the United States and disdain from the international community. It has turned to cyberattacks as a means of funding its weapons program.
The numbers behind North Korea’s exploits have also been staggering. Last year, Reuters reported that the country had gotten $2 billion from hacking foreign cryptocurrency exchanges and banks. The news source got the statistics from the North Korea sanctions committee of the United Nations Security Council.
As for the Lazarus Group, its hacking exploits aren’t new either. In 2018, cybersecurity firm Group-IB claimed that the hacking group was responsible for 65 percent of all cryptocurrencies stolen between 2017 and 2018.
Although the North Korean government has denied links with the hacking group, the relationships have been significant. This week, the United States Army released a report claiming that Pyongyang has developed a hacking network with over 6,000 members. The hackers form a government department known as Bureau 121, which oversees four large cybercrime groups.
Along with the Lazarus Group, the report also highlighted the Bluenoroff Group, an organization that deals in financial crime and has over 1,700 members. All members run operations from out of North Korea and are scattered across several other nations, including Russia, India, China, Belarus, and more.