Lazarus hackers used LinkedIn to hit a crypto firm

Lazarus hackers used LinkedIn to hit a crypto firm
фото показано с : invezz.com

2020-8-26 14:49

North Korean Lazarus group is back, and once again, it is trying to get its hands on as many digital coins as possible. The infamous hacking team seems to have come up with a new campaign which revolves around targeting crypto organization by exploiting LinkedIn and the corporations’ human element.

Lazarus is back with a new campaign

According to a recent report published by researchers from F-Secure, the crypto organization was recently targeted as part of a massive new campaign. The campaign allegedly targeted firms and organizations in at least 14 different countries.

As mentioned, the attacker is Lazarus, which has been tied to a number of hacks against crypto businesses.

North Korean hackers have been targeting crypto for quite some time now, as digital coins make it relatively easy to bypass economic sanctions against the country.  The group itself has been active since at least 2007, according to the US government.

Since then, it had numerous high-profile hacks, and it conducted some massive campaigns, including the global ransomware attack from a few years ago, known as WannaCry.

How does the attack work?

Lazarus’ new campaign seems to be based on LinkedIn job advertisements, where the hackers are targeting human system administrators. They would provide admins with a phishing document, which is sent to their personal LinkedIn account. The document is related to a blockchain tech firm that is allegedly seeking new sysadmin.

The victim first needs to enable macros, however, in order for malicious code within the document to be effective. Once the necessary permission is granted, the document would execute a file called mshta.exe, and call out a link tied to VBScript.

The script then conducts system checks and sends operational data to the C2 server, owned by the hackers. Upon infecting the device, hackers can harvest credentials from the users’ machine, and they seem to be most interested in those holding financial value, which mostly includes cryptocurrency wallets and bank accounts.

F-Secure also noted that Lazarus is trying to delete the traces of its activity and be as stealthy as possible, although some traces of their presence can still be found by the researchers.

The post Lazarus hackers used LinkedIn to hit a crypto firm appeared first on Invezz.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Lazarus (LAZ) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 LAZ

lazarus crypto linkedin come human element team

lazarus crypto → Результатов: 27


Фото:

3 Reports Look at North Korea’s Lazarus Group, Iran’s Farhad Exchange, and the Crypto Ponzi Futurenet

On May 4, 2020, the blockchain surveillance firm Chainalysis published a three-part series covering a crypto Ponzi scheme, North Korea, and Iran’s use of digital currencies like bitcoin. The company’s research papers discuss the Poland-based crypto Ponzi called Futurenet, a hosting service allegedly tied to North Korea, and how Iran-based exchanges are bypassing OFAC sanctions […] The post 3 Reports Look at North Korea’s Lazarus Group, Iran’s Farhad Exchange, and the Crypto Ponzi Futurenet appeared first on Bitcoin News.

2020-5-7 01:05


Kaspersky: Lazarus Hackers To Steal Crypto Using Telegram in ‘Operation AppleJesus Sequel’

The Moscow-based cybersecurity firm Kaspersky has informed cryptocurrency users that North Korean hackers have developed new ways of delivering malware through Telegram. Kaspersky has been looking at the latest attacks of the Lazarus Group, a North Korea-related cybercrime organization that has also conducted the AppleJesus attack on some of the most important crypto exchanges in […]

2020-1-10 22:16


Фото:

Lazarus Hacker Group Continues to Target Crypto Using Faked Trading Software

This article was originally published by 8btc and written by Lylian Tang. The Chinese security service provider 360 Security has issued a warning that a large number of crypto exchanges have been targeted by the North Korean hacker group Lazarus and that the number is still rising after the recent hacks of crypto exchanges DragonEx, Etbox and BiKi.

2019-4-2 21:54


Фото:

North Korean Hackers Infiltrate Unnamed Crypto Exchange in First-Ever MacOS Hack

North Korea’s notorious cyber-hacking outfit, “Lazarus Group,” has reportedly deployed a MacOS-based malware to infiltrate cryptocurrency exchanges and applications, according to Kaspersky Labs. North Korean Attackers Strike To date, Lazarus remains an unknown entity, with no information on the number of individuals identifying with the outfit.

2018-8-25 07:00