State-sponsored North Korean hacking collective Lazarus Group is reportedly targeting LinkedIn users in the digital asset industry in its latest attempt to steal cryptocurrency using malware, blockchain security firm SlowMist alleged on April 24.
“Lazarus Group is currently contacting cryptocurrency industry targets via LinkedIn and stealing employee privileges or resources via malware,” SlowMist wrote on its X account.
The blockchain security firm alleged that Lazarus Group members created fake profiles on the networking service and contacted HR personnel and hiring managers at various blockchain-related organizations.
“Initial declarations and dependency loading scripts generate errors immediately upon startup, probably to confuse analyzers or automated tools,” SlowMist stated. “Several Node.js modules are imported, and environment variables and function definitions identify the operating system hostname, platform type, home directory and temporary directories.”
A periodic function aptly named “stealEverything” “attempts to steal as much data as possible from the user’s device and upload it to a server controlled by the attacker.”
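A defender-side triage heuristic for the behaviour SlowMist describes, as an added example (not SlowMist's tooling or code from its report): it statically flags Node.js scripts that combine host fingerprinting, a periodic timer and a network module. The rule weights, the threshold and both sample scripts are assumptions constructed for illustration; the `os` calls are the standard Node.js APIs for the values the quote lists.

```javascript
// Added example: static triage of a Node.js script received from an
// untrusted contact. Weights and threshold are assumptions, not vendor rules.
const RULES = [
  // Each distinct fingerprinting call (hostname, platform, home, temp) adds weight.
  { id: 'host-fingerprint', weight: 1, perMatch: true,
    re: /\bos\.(hostname|platform|homedir|tmpdir)\s*\(/g },
  // A repeating timer, as used by the periodic function in the report.
  { id: 'periodic-task', weight: 2, re: /\bsetInterval\s*\(/g },
  // Import of a module capable of uploading data.
  { id: 'network-module', weight: 2,
    re: /require\(\s*['"](?:node:)?(https?|axios|request|form-data)['"]\s*\)/g },
  // The function name quoted by SlowMist; trivially renamed, so never relied on alone.
  { id: 'named-stealEverything', weight: 5, re: /\bstealEverything\b/g },
];
const THRESHOLD = 7; // assumed cut-off: fingerprinting + timer + network reaches it

function triageScript(source) {
  const hits = {};
  let score = 0;
  for (const rule of RULES) {
    const distinct = new Set();
    for (const m of source.matchAll(rule.re)) distinct.add(m[1] || m[0]);
    if (distinct.size === 0) continue;
    hits[rule.id] = [...distinct].sort();
    score += rule.perMatch ? rule.weight * distinct.size : rule.weight;
  }
  return { score, hits, suspicious: score >= THRESHOLD };
}

// Constructed, inert sample mirroring the reported traits (no payload logic).
const SAMPLE_SUSPICIOUS = `
const os = require('os');
const https = require('https');
const info = [os.hostname(), os.platform(), os.homedir(), os.tmpdir()];
function stealEverything() { /* body omitted */ }
setInterval(stealEverything, 60000);
`;
// Constructed benign sample: one platform check and a timer, no network module.
const SAMPLE_BENIGN = `
const os = require('os');
console.log('Building on', os.platform());
setInterval(() => console.log('tick'), 1000);
`;

console.log(triageScript(SAMPLE_SUSPICIOUS), triageScript(SAMPLE_BENIGN));
```

A hit is a reason to open the file in an isolated analysis environment before anyone runs it, not a verdict; obfuscated or dynamically loaded code will evade string matching of this kind.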
Lazarus Group links to North Korea’s WMD program
A report by a UN panel of experts released last month revealed that an estimated 40% of North Korea’s weapons of mass destruction (WMD) were funded through “illicit cyber means.”
To date, the Lazarus Group has stolen more than $3 billion worth of digital assets worldwide. A recent TRM Labs report shows that the authoritarian country stole more than $600 million in 2023 alone.
Security officials from the United States and its allies believe that state-sponsored malware initiatives could threaten national security.
In December, U.S. National Security Advisor Jake Sullivan met with diplomatic counterparts from South Korea and Japan, during which they discussed North Korea’s WMD program.
Last year, the United States imposed sanctions on cryptocurrency company Sinbad, describing it as a “key money laundering tool” in the regime’s efforts to exploit digital assets.
“The Treasury Department and its partners in the U.S. government stand ready to deploy all tools at their disposal to prevent virtual currency blenders like Sinbad from facilitating illegal activities,” Deputy Treasury Secretary Wally Adeyemo said after the enforcement action was taken. “While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illegal actors.”
It is unclear whether Lazarus Group will face any consequences for its latest crypto malware program.