Lazarus hacking group is using LinkedIn ads to target victims

Lazarus hacking group, a cybercrime ring based in North Korea is using LinkedIn advertisements to target cryptocurrency users.

According to a recent report, the group is targeting cryptocurrency and blockchain talents by posting ads regarding crypto-related jobs. Once triggered, the ad runs malicious macro code on the victim’s device.

Lazarus hacking group attacking through LinkedIn

According to the report by cybersecurity firm F-Secure, the latest attack by Lazarus was made through a cryptocurrency-related advertisement on the website. The report revealed that one individual working in the blockchain received a The ad mimicked a legitimate blockchain job listing and included a Microsoft Word document titled “BlockVerify Group Job Description.”

The document contained a malicious code which was executed when the user interacted with the Word document.

The Malicious Code

F-Secure discovered that a document of the same title, author, and word count was already listed on VirusTotal as a cybersecurity threat. VirusTotal statistics revealed that the code was first reported in 2019 and has been detected across 37 distinct antivirus engines.

The code steals the login credentials stored on the device and seeks access to the system’s network. This way, the code spreads across the device until it has enough data to steal the user’s cryptocurrencies.

North Korean tactics

F-Secure also stated that the actions of the Lazarus hacking group align with the interests of the North Korean government. The Democratic People’s Republic of Korea (DPRK) is likely to target firms and organizations in verticals outside of the blockchain ecosystem. According to a report by the US Army, North Korea has an army of 6,000 hackers situated across multiple countries, including China, India, and Russia.

About the author