Lazarus group strikes cryptocurrency firm through LinkedIn job adverts

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
The Lazarus group is on the hunt for cryptocurrency once more and has now launched a targeted attack against a crypto organization by exploiting the human element of the corporate chain.

On Tuesday, cybersecurity researchers from F-Secure said the cryptocurrency organization is one of the latest victims in a global campaign which has targeted businesses in at least 14 countries including the UK and US.

According to F-Secure, the latest Lazarus attack was tracked through a LinkedIn job advert. The human target, a system administrator, received a phishing document in their personal LinkedIn account that related to a blockchain technology company seeking a new sysadmin with the employee's skill set.

The phishing email is similar to Lazarus samples already made available on VirusTotal, including the same names, authors, and word count elements.

As is the case with many phishing documents, you need to entice a victim to enable macros that hide malicious code for them to be effective. In this case, the Microsoft Word document claimed to be protected under the EU's General Data Protection Regulation (GDPR), and so, the document's content could only be shown if macros were enabled.

Full report by F-Secure (PDF): https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top