Lazarus attacks cryptocurrency companies through misleading job searches

The Lazarus Group, known for its sophisticated cyberattack campaigns, has been using LinkedIn to infiltrate the systems of cryptocurrency companies with the intent of stealing information and crypto assets.

Lazarus is using a clever tactic: its operators impersonate blockchain developers and pretend to look for jobs at recognized companies, with the aim of entering their systems and stealing confidential information and digital assets.

Security firms such as SlowMist have identified this pattern, highlighting the growing importance of surveillance and cybersecurity for companies and projects in the crypto industry to ensure the security of their systems and protect their users.

Spreading malware through fake job offers on Blockchain

As SlowMist explained, the new attacks by the Lazarus group on LinkedIn are not limited to obtaining data, but rather aim to gain remote control over the compromised systems of companies, in order to steal crypto assets. Using fake blockchain job offers, Lazarus hackers trick their potential victims and convince them to download coding tests, which are actually infected with malware.

By downloading and executing this malicious code, victims can unleash Trojans that allow attackers to take control of systems and steal available data or assets.

SlowMist's Security Director warned about the new attack model that Lazarus hackers are using to deceive blockchain companies. He indicated that the attack begins with direct contact with management and human resources (HR) personnel of companies that are recruiting blockchain developers.

The attackers inform these managers about the fake job search, inviting them to check their experience as developers and review the code they have supposedly worked on. The attackers then send the recruiters a code test, which is infected with malware. When executed, it allows the attackers to take over the servers to steal as much data as possible, as well as locate and steal data from cryptocurrency wallets installed as browser extensions.

These incidents underscore the need for robust security measures and constant awareness of cyber threats, especially on professional social media platforms where users may be more susceptible to misleading job postings.

The Lazarus hacker group

The Lazarus hacker group has been identified as one of the most persistent and advanced cyber collectives today, with a track record dating back to 2009. Their activities have included sophisticated attacks on cryptocurrency platforms, resulting in the theft of several billion dollars worth of digital assets.

Despite international sanctions and cybersecurity efforts, Lazarus has demonstrated a remarkable ability to adapt and evolve its attack methods.

Lazarus has been linked to North Korea and has been singled out for its involvement in some of the most significant cryptocurrency thefts in history, such as the attack on the Ronin network, in which nearly $625 million in crypto assets were stolen.

How to protect yourself from these attacks?

To protect against sophisticated cyberattacks, businesses can implement a number of robust security measures. Among them, strong authentication mechanisms, such as multi-factor authentication, are essential to ensure that only authorized personnel have access to critical systems.

Additionally, it is crucial to have workflow automation and analytics in place to quickly detect and respond to suspicious activity. Endpoint protection is also vital, ensuring that all devices connected to the company network are secure and monitored.

Controlling network access and securing web browsing are other important measures to prevent unauthorized access and phishing attacks.

Finally, developing a cybersecurity culture within the organization can increase awareness and improve security practices among employees, which is critical to preventing attacks that take advantage of human error.