Research from security firm F-Secure has revealed a new phishing campaign linked to the notorious North Korean Lazarus hacking group. In its research report “Lazarus Group Campaign Targeting the Cryptocurrency Vertical,” F-Secure stated that the group is targeting admin staff in cryptocurrency and financial organizations via fake LinkedIn job messages.
The group is found to be specifically focused on stealing credentials for cryptocurrency wallets and online bank accounts. The attackers send a malicious document disguised as a job advertisement for cryptocurrency and blockchain technology firms. The document claims to be protected under the General Data Protection Regulation (GDPR) and states that content must be enabled in Word before it can be viewed. “The enablement of content would then result in the malicious embedded macro code to execute,” the researchers said.
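The lure described above works only if the recipient enables a macro embedded in the document, so a mail gateway or triage script that flags macro-bearing attachments before they reach an inbox removes most of the risk. The following is an added example, not code from F-Secure's report or from the campaign: it inspects a document blob, distinguishes the modern OOXML (zip) container from the legacy OLE binary container, and reports whether a VBA project is present. The sample documents are constructed in memory with a placeholder byte string in place of real macro code; the OLE check is a byte-level heuristic (looking for the UTF-16LE storage names Word uses) and is meant to route the file to deeper analysis, not to replace a full OLE parser.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .doc/.xls container header
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"  # OOXML content type of a VBA part
# Storage names Word/Excel use for macro projects; OLE directory entries are UTF-16LE.
OLE_MACRO_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT")]


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML package, optionally carrying a VBA part.
    The vbaProject.bin payload is a placeholder string, not real macro code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = ""
        if with_macro:
            overrides = ('<Override PartName="/word/vbaProject.bin" '
                         'ContentType="%s"/>' % VBA_CONTENT_TYPE)
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    '<Default Extension="xml" ContentType="application/xml"/>'
                    + overrides + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER-VBA-PROJECT")
    return buf.getvalue()


def inspect_document(filename: str, data: bytes) -> dict:
    """Classify a document blob and report whether it carries a macro project."""
    result = {"filename": filename, "format": "unknown", "has_macro": False, "notes": []}

    if data.startswith(OLE_MAGIC):
        result["format"] = "ole"
        # Heuristic only: a hit means "send to a real OLE parser", not "confirmed malicious".
        if any(marker in data for marker in OLE_MACRO_MARKERS):
            result["has_macro"] = True
            result["notes"].append("OLE container references a Macros/_VBA_PROJECT storage")
        return result

    if data[:2] == b"PK":
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            result["notes"].append("PK header but not a readable zip")
            return result
        names = set(zf.namelist())
        if "[Content_Types].xml" not in names:
            result["notes"].append("zip without [Content_Types].xml; not an OOXML package")
            return result
        result["format"] = "ooxml"
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        macro_parts = sorted(n for n in names if n.lower().endswith("vbaproject.bin"))
        if macro_parts or VBA_CONTENT_TYPE in content_types:
            result["has_macro"] = True
            result["notes"].append("VBA project part present: %s" % (macro_parts or ["(declared in content types)"]))
        # A macro under a macro-free extension is a mismatch worth flagging on its own.
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if result["has_macro"] and ext in ("docx", "xlsx", "pptx"):
            result["notes"].append("macro-enabled content under a macro-free extension")
    return result


if __name__ == "__main__":
    samples = [
        ("Job_Description.docm", build_sample_ooxml(with_macro=True)),
        ("Job_Description.docx", build_sample_ooxml(with_macro=False)),
        # Constructed OLE fragment: header plus a Macros storage name, not a full file.
        ("Job_Description.doc", OLE_MAGIC + b"\x00" * 24 + "Macros".encode("utf-16-le")),
    ]
    for name, blob in samples:
        print(inspect_document(name, blob))
```

In a gateway this would run on every attachment before delivery; documents with `has_macro` set would be quarantined or stripped, and the extension-mismatch note is a useful signal on its own since a `.docx` should never carry a VBA project.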
“Lazarus Group’s activities are a continued threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance amongst organizations operating in the targeted verticals. It is F-Secure’s assessment that the group will continue to target organizations within the cryptocurrency vertical while it remains such a profitable pursuit, but may also expand to target supply chain elements of the vertical to increase returns and longevity of the campaign. In addition, some of the newer C2 infrastructure suggests the group may be looking to target organizations in the financial investment vertical,” the researchers added.
History of Lazarus Group Attacks
The Lazarus Group has been involved in multiple earlier cyberattacks. In 2018, Kaspersky uncovered AppleJeus, a malicious operation by Lazarus Group to intrude on cryptocurrency exchanges and applications. In December 2019, researchers discovered a malware dubbed “Fileless” distributed by the Lazarus Group. According to the security researchers, the group has been spreading malware targeting MacOS users to create fake cryptocurrency trading applications. The group’s malicious activities also include the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack, the theft of $81 million from Bangladesh Bank in 2016, the attack on Sony Pictures Entertainment in 2014, and numerous other intrusions into the entertainment, financial services, defense, technology and virtual currency industries, academia, and electric utilities.