Hackers linked to North Korea used fake Linked In posts in ongoing global plan to access data and steal cryptocurrency

Hackers linked to North Korea used a malicious post disguised as a fake LinkedIn job advert as part of an ongoing global plan to access data and steal cryptocurrency, new research by a cyber-security company has revealed.

F-Secure found that the Lazarus Group, which was behind the 2014 cyber attacks on Sony, carried out an attack against a cryptocurrency organisation to extract secure details.

The spearphishing attempt saw a system administrator receive a document disguised as a legitimate job advert for a role in a blockchain technology company that matched the employee’s skills.

Once downloaded, the hackers used backdoor network implants and malware to extract information from infected computers. The attackers used Mimikatz, a tailored form of malware used to extract bank account or crypto wallet details.

F-Secure said additional data revealed the attack was part of a continuing wide-ranging global phishing campaign by the group affecting 14 countries: US, Canada, United Kingdom, Germany, Russia, South Korea, Argentina, Singapore, Hong Kong, Netherlands, Estonia, Japan and the Philippines. “The attack was linked to this wider set of activity through several common indicators found in samples from the investigation, open source repositories, and proprietary intelligence sources,” F-Secure said.

The report warned that the campaign has been observed continuing into 2020 and called on cryptocurrency firms to be vigilant.

The hackers invested significant effort to evade the target organization’s defenses during the attack, disabling anti-virus software on the compromised hosts, and removing evidence of their malicious implants

The Lazarus Group has reportedly strong links to North Korea, and has been described by the FBI as a “state-sponsored hacking operation”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.