фото показано с : invezz.com

North Korean Lazarus group is back, and once again, it is trying to get its hands on as many digital coins as possible. The infamous hacking team seems to have come up with a new campaign which revolves around targeting crypto organization by exploiting LinkedIn and the corporations’ human element.

According to a recent report published by researchers from F-Secure, the crypto organization was recently targeted as part of a massive new campaign. The campaign allegedly targeted firms and organizations in at least 14 different countries.

As mentioned, the attacker is Lazarus, which has been tied to a number of hacks against crypto businesses.

North Korean hackers have been targeting crypto for quite some time now, as digital coins make it relatively easy to bypass economic sanctions against the country.  The group itself has been active since at least 2007, according to the US government.

Since then, it had numerous high-profile hacks, and it conducted some massive campaigns, including the global ransomware attack from a few years ago, known as WannaCry.

Lazarus’ new campaign seems to be based on LinkedIn job advertisements, where the hackers are targeting human system administrators. They would provide admins with a phishing document, which is sent to their personal LinkedIn account. The document is related to a blockchain tech firm that is allegedly seeking new sysadmin.

The victim first needs to enable macros, however, in order for malicious code within the document to be effective. Once the necessary permission is granted, the document would execute a file called mshta.exe, and call out a link tied to VBScript.

The script then conducts system checks and sends operational data to the C2 server, owned by the hackers. Upon infecting the device, hackers can harvest credentials from the users’ machine, and they seem to be most interested in those holding financial value, which mostly includes cryptocurrency wallets and bank accounts.

F-Secure also noted that Lazarus is trying to delete the traces of its activity and be as stealthy as possible, although some traces of their presence can still be found by the researchers.

The post Lazarus hackers used LinkedIn to hit a crypto firm appeared first on Invezz.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

258 +