Beware! North Korean hackers Lazarus use LinkedIn to steal your crypto

The notorious North Korean hacker group Lazarus has found a new way to target crypto users, this time exploiting the professional platform LinkedIn. The hackers are posing as recruiters looking for blockchain developers in order to steal confidential information and crypto assets.

Job offers on LinkedIn, new bait for Lazarus hackers to steal crypto

Since its creation in 2009, the Lazarus group has forged a notorious reputation for carrying out targeted attacks against businesses. Today, this dreaded hacker group has adopted a new strategy to illicitly seize digital assets.

According to a report by the blockchain security analysis company SlowMist, hackers pose as recruiters looking for blockchain developers.

Using profiles of fake recruiters on LinkedIn, hackers seek to lure these professionals with enticing job opportunities. Once contact has been established, they invite potential victims to share their code as part of the recruitment process. However, this code actually contains malware enabling hackers to steal confidential information and cryptocurrencies.

An attack of this kind already occurred in December 2023, when hackers impersonated a recruiter from Meta. Targeted candidates were then invited to download coding challenges presented as an integral part of the recruitment process.

Unfortunately, these files contained malware enabling hackers to gain remote access to computers and steal sensitive information and digital assets.

Lazarus, a formidable black hat group

Since its first appearance, the Lazarus group has stolen over $3 billion in crypto assets, making it one of the world’s most prolific and feared hacking groups.

Among their most high-profile exploits were the theft of $37 million from payment company CoinsPaid in August 2023, using fake job interviews, and the record-breaking hack of the Ronin Bridge in 2022, where $625 million was stolen.

According to information provided by the U.S. FBI, stolen funds are generally laundered via cryptocurrency mixing services before being sent to North Korea, where they would be used to finance the regime’s military operations.

This latest attack via LinkedIn demonstrates the extent of the Lazarus group’s capabilities, and underlines the need for companies and crypto investors alike to strengthen their IT security. The group uses a diverse range of methods and malicious tools to target the crypto sector effectively. This is why it is so important to take the necessary steps to protect yourself against their attacks.