Lazarus Group, a cybercrime group allegedly backed by North Korea, is once again targeting the cryptocurrency sector for financial gain.
On Aug 25, the threat intelligence team at cybersecurity firm F-Secure published a cryptocurrency crime report that sheds light on recent crimes carried out over the major professional social network LinkedIn, with the Lazarus Group as its main focus.
According to the report, the Lazarus Group is running a campaign that targets firms and employees working in the blockchain and cryptocurrency space.
The recent attack targeted an employee working as a system administrator at a blockchain firm, who received a phishing document titled “BlockVerify Group Job Description” via a personal LinkedIn account.
The attack took the form of a job advert that impersonated a genuine job listing matching the victim's skills. The fake advert delivered the phishing document to the target, and it looked original and legitimate to an unsuspecting reader.
The report further notes that the malicious document claimed to be protected under the General Data Protection Regulation (GDPR) and that it would only open in Word.
Here, the Lazarus Group tried to trick the target by embedding macro code in the document. Once the document is opened, the macro code executes and steals information such as login credentials and access to the victim's network, with the aim of stealing cryptocurrency.