EddieJayonCrypto

 29 Apr 24

Cybersecurity firm SlowMist has uncovered a sophisticated phishing operation by the Lazarus Group, a hacker collective allegedly based in North Korea. The operation involved impersonating a partner of Fenbushi Capital on LinkedIn to exploit employee access and steal valuable crypto assets. The Lazarus Group posed as job seekers specializing in React or blockchain development on LinkedIn, encouraging unsuspecting employees to view their coding repository and execute code demonstrating their proficiency. However, this code was malicious, designed to compromise system security and facilitate unauthorized access.


The Lazarus Group has also adapted and refined their methods for laundering stolen funds, using newer technologies such as the Bitcoin-based mixer YoMix to obscure their transactions. They aim to evade detection and maximize the value extracted from illicit activities.


Fenbushi Capital, a blockchain venture capital firm based in Shanghai since 2015, has been at the forefront of supporting innovative projects across continents. The firm's name and reputation for reshaping industries such as finance and healthcare made it an attractive front for bad actors.


According to SlowMist’s Chief Information Security Officer, who goes by the pseudonym 23pds, the Lazarus Group crafted false identities on LinkedIn, masquerading as Fenbushi Capital partners. They initiated contact with potential targets under the guise of investment opportunities or networking at conferences.


The company discovered that the Lazarus Group currently targets individuals via LinkedIn to steal employee privileges or assets through malware. The method of operation was systematically deceptive. First, the hackers approached high-level executives or HR personnel through LinkedIn, posing as job seekers specializing in React or blockchain development. They would then encourage the unsuspecting employees to view their coding repository and execute code demonstrating their proficiency. However, this code was malicious, designed to compromise system security and facilitate unauthorized access.


In a notable incident from July 2023, a programmer at CoinsPaid in Estonia was duped into downloading a malicious file during what was presented as a job interview over a video link. This lapse in security led to a devastating $37 million theft from CoinsPaid.


Further analysis by Chainalysis highlights that groups like Lazarus have adapted and refined their methods for laundering stolen funds. Following the takedown of popular mixers like Sinbad and the sanctioning of Tornado Cash, North Korean hackers have shifted to newer technologies. They now use the Bitcoin-based mixer YoMix to obscure their transactions.


Using advanced laundering techniques such as chain hopping and cross-chain bridges, Lazarus Group has continued to enhance its strategies. They aim to evade detection and maximize the value extracted from illicit activities.


Disclaimer: The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
