North Korean Crypto Hacking Group Targeting LinkedIn Users
North Korea’s state-sponsored hacking collective, known as the Lazarus Group, is reportedly focusing its efforts on LinkedIn users involved in the digital asset industry. According to a statement from blockchain security firm SlowMist on April 24, the group has been creating fake profiles to connect with human resources personnel and hiring managers at various blockchain-related organizations. The goal? To send links containing malware disguised as coding samples.
Tactics and Techniques Unveiled
SlowMist revealed that the malware begins by throwing errors from its initial declarations and dependency-loading scripts, likely to confuse automated analysis tools. It includes several Node.js modules and manipulates environment variables to extract as much data as possible, including the operating system’s hostname, platform type, and directories. A function named “stealEverything” aims to harvest vast amounts of user data and upload it to servers under the hackers’ control.
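As an added example (not code from SlowMist or from the article), here is a static triage pass a reviewer could run over a received Node.js "coding sample" before opening it, flagging the behaviours described above. The regexes, the use of `os.homedir()` as a stand-in for "directories", the verdict rules and both sample inputs are assumptions constructed for illustration.

```javascript
// Added example: static triage of an untrusted Node.js sample. The source is
// only read as text; it is never required or executed.

// Indicator patterns are assumptions derived from the behaviours described above.
const INDICATORS = [
  { id: 'host-profile', re: /\bos\.(hostname|platform|homedir)\s*\(/ },
  { id: 'env-access', re: /\bprocess\.env\b/ },
  { id: 'egress', re: /require\(\s*['"](?:node:)?(?:https?|net)['"]\s*\)|\bfetch\s*\(/ },
  { id: 'named-function', re: /\bstealEverything\b/ },
];

function triage(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, re } of INDICATORS) {
      if (re.test(text)) hits.push({ id, line: i + 1 });
    }
  });
  const seen = new Set(hits.map((h) => h.id));
  const collects = seen.has('host-profile') || seen.has('env-access');
  // Each call alone is common in benign code; collection plus egress is the signal.
  let verdict = 'clean';
  if (seen.has('named-function') || (collects && seen.has('egress'))) verdict = 'block';
  else if (seen.size > 0) verdict = 'review';
  return { verdict, hits };
}

// Constructed inputs (inert text, not taken from the SlowMist report).
const SUSPECT = [
  "const os = require('os');",
  "const profile = [os.hostname(), os.platform(), os.homedir()];",
  "const env = process.env;",
  "function stealEverything() { /* body omitted */ }",
  "const https = require('https'); // upload step omitted",
].join('\n');

const BENIGN = [
  "const os = require('os');",
  "console.log('running on', os.platform());",
].join('\n');

console.log(triage(SUSPECT).verdict, triage(BENIGN).verdict);
```

A `block` or `review` verdict is a reason to inspect the sample in an isolated environment, not proof of malice; a `clean` verdict from pattern matching does not clear obfuscated code.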
Lazarus Group’s Ties to North Korea’s WMD Program
A report from a U.N. panel last month estimated that 40% of North Korea’s weapons of mass destruction (WMD) program has been funded through illicit cyber activities, including those perpetrated by the Lazarus Group. This group has reportedly stolen over $3 billion in digital assets globally, with more than $600 million stolen in 2023 alone.
International Response and Security Concerns
The persistent cyber threats posed by North Korea have prompted discussions among security officials in the U.S. and its allies about the potential national security risks. In December, a meeting between U.S. National Security Advisor Jake Sullivan and his counterparts from South Korea and Japan focused on the North Korean WMD program and its funding through cybercrime.
U.S. Actions Against North Korean Cyber Operations
In response to these ongoing threats, the U.S. last year sanctioned the crypto mixer Sinbad, described as a significant money-laundering tool for North Korea’s regime. Deputy Secretary of the Treasury Wally Adeyemo emphasized the U.S. government’s readiness to use all available tools to prevent virtual currency mixers from facilitating illicit activities, underscoring a commitment to responsible innovation within the digital asset ecosystem while combating illicit use.
Uncertain Future for Lazarus Group
As international scrutiny increases, the future actions and potential political repercussions for the Lazarus Group remain uncertain. The international community continues to watch closely as developments unfold in this high-stakes cyber warfare arena.