Operating out of North Korea, the Lazarus Group is accused of orchestrating cryptocurrency thefts totaling $3.4 billion. The group's activity dates back to as early as 2007.

Its unlawful exploits span a range of high-profile incidents, including the $100 million breach of Harmony’s Horizon bridge in 2022, the $35 million Atomic Wallet heist earlier this year, and the recent $54 million intrusion into the CoinEx exchange.

The group also took $41 million from the crypto-focused casino Stake, among various other breaches. What stands out is its use of LinkedIn, a professional networking platform, to run its social engineering and phishing schemes.

North Korea Lazarus Group Deceptive Tactics: Exploiting LinkedIn and Malicious PDFs for Cyber Heists

In 2019, the North Korea Lazarus Group ran “Operation In(ter)ception,” a campaign against European and Middle Eastern military and aerospace companies. The operators posted fake job listings on platforms such as LinkedIn and lured applicants into downloading what appeared to be a harmless PDF file.

The file was in fact a malicious executable disguised as a document, and opening it handed the attackers a foothold on the victim’s machine. From there, Lazarus exploited weaknesses in the victims’ systems and ultimately stole sensitive information, with social engineering and phishing doing the initial work rather than any technical exploit.
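The lure described above works because the recipient trusts the file name, not the file contents. The following check is an added example, not code from the original article or from any Lazarus analysis: it compares a file's declared extension against its real magic bytes and flags document-looking names that carry a trailing executable extension (such as `Job_Description.pdf.exe`). The three sample files are constructed for the example; the type table and extension lists are my assumptions, chosen to cover the PDF-versus-executable case the article describes.

```python
"""Spot "PDF" lures that are really executables.

Added example (not from the original article). It checks a file's declared
extension against its leading magic bytes and flags double extensions such
as `.pdf.exe`. The sample files at the bottom are constructed, not real
Lazarus samples.
"""
import os

# Leading bytes -> true type. Only the formats this check cares about.
MAGIC = {
    b"%PDF-": "pdf",
    b"MZ": "pe",                                   # Windows EXE/DLL/SCR
    b"PK\x03\x04": "zip",                          # also .docx/.xlsx containers
    b"\x4c\x00\x00\x00\x01\x14\x02\x00": "lnk",    # Windows shortcut
}

DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "txt", "rtf"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "lnk", "pif", "com", "bat"}
EXECUTABLE_TYPES = {"pe", "lnk"}


def sniff_type(data: bytes) -> str:
    """Return the type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def declared_extensions(filename: str) -> list:
    """All extensions in the name, lowercased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = os.path.basename(filename).lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def classify_lure(filename: str, data: bytes) -> dict:
    """Report whether a file's name and contents disagree in a lure-like way."""
    exts = declared_extensions(filename)
    actual = sniff_type(data)
    reasons = []
    # Double extension: a document extension immediately before a final
    # executable extension, so Explorer with "hide extensions" shows "x.pdf".
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("double extension ." + ".".join(exts[-2:]))
    # Name says document, bytes say executable.
    if exts and exts[-1] in DOCUMENT_EXTENSIONS and actual in EXECUTABLE_TYPES:
        reasons.append(f"content is {actual} but extension is .{exts[-1]}")
    return {
        "filename": filename,
        "actual_type": actual,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed samples: a genuine PDF header, a PE with a double extension,
# and a PE whose only extension claims it is a PDF.
SAMPLES = {
    "Job_Description.pdf": b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n",
    "Job_Description.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "Senior_Engineer_Offer.pdf": b"MZ\x90\x00" + b"\x00" * 60,
}


def scan_samples() -> dict:
    """Run the check over every constructed sample."""
    return {name: classify_lure(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(name, "->", "SUSPICIOUS" if verdict["suspicious"] else "ok", verdict["reasons"])
```

A mail gateway or download proxy would apply `classify_lure` to the bytes it already has in hand; the point is that the decision rests on the magic bytes, which the attacker cannot fake without breaking the executable, rather than on the name, which is entirely under the attacker's control.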

Lazarus reused this playbook in a six-month campaign against CoinsPaid, a cryptocurrency payments company, which culminated in a $37 million theft in July.

Deceptive Offers, DDoS Attacks, and Brute Force Strategies

The group paired deceptive job offers aimed at the company’s engineers with direct technical attacks, including Distributed Denial-of-Service (DDoS) assaults and password brute forcing, that is, repeated login attempts with different passwords until one succeeded.

This two-pronged approach, social engineering alongside sustained attacks on infrastructure, is characteristic of the Lazarus Group’s persistence in pursuit of its goals.
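Brute forcing of the kind described above leaves an obvious trace in authentication logs: many failures from one source in a short window, sometimes followed by a success. The detector below is an added example, not code from the original article or from CoinsPaid's investigation. It parses sshd-style syslog lines, keeps a per-source sliding window of failures, and marks a source as compromised when a successful login follows a flagged burst. The log lines are constructed; the host name and the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges, and the threshold and window size are assumptions to tune per environment.

```python
"""Flag password brute forcing in SSH auth logs.

Added example (not from the original article). Counts failed logins per
source address in a sliding window and records when a burst of failures is
followed by a successful login from the same source. The log lines are
constructed in sshd syslog format with made-up hosts and documentation
addresses.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

# syslog timestamps carry no year; assume one fixed log year for the example.
LOG_YEAR = "2023"


def parse_line(line: str):
    """Return (timestamp, result, user, src) or None for lines we don't care about."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("result"), m.group("user"), m.group("src")


def detect_bruteforce(lines, threshold=5, window_seconds=60) -> dict:
    """Return {src: finding} for sources with >= threshold failures inside any
    window_seconds window. A later 'Accepted' from a flagged source sets
    success_after_failures, the case the article describes."""
    recent = defaultdict(deque)    # src -> timestamps of failures in the window
    users = defaultdict(set)       # src -> user names tried
    findings = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        if result == "Failed":
            users[src].add(user)
            q = recent[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()            # drop failures that fell out of the window
            if len(q) >= threshold and src not in findings:
                findings[src] = {
                    "first_alert": ts,
                    "failures_in_window": len(q),
                    "users": users[src],   # keeps growing as more names are tried
                    "success_after_failures": False,
                }
        elif result == "Accepted" and src in findings:
            findings[src]["success_after_failures"] = True
            findings[src]["compromised_user"] = user
    return findings


# Constructed log: one brute-force burst that succeeds, one user mistyping a
# password once, and two failures far enough apart to be noise.
SAMPLE_LOG = """\
Sep 20 10:00:01 gw01 sshd[4412]: Failed password for root from 203.0.113.7 port 51234 ssh2
Sep 20 10:00:03 gw01 sshd[4413]: Failed password for root from 203.0.113.7 port 51236 ssh2
Sep 20 10:00:05 gw01 sshd[4414]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Sep 20 10:00:06 gw01 sshd[4415]: Failed password for root from 203.0.113.7 port 51244 ssh2
Sep 20 10:00:08 gw01 sshd[4416]: Failed password for root from 203.0.113.7 port 51250 ssh2
Sep 20 10:00:09 gw01 sshd[4417]: Failed password for root from 203.0.113.7 port 51252 ssh2
Sep 20 10:00:11 gw01 sshd[4418]: Accepted password for root from 203.0.113.7 port 51255 ssh2
Sep 20 10:00:30 gw01 sshd[4420]: Failed password for alice from 198.51.100.12 port 40021 ssh2
Sep 20 10:00:45 gw01 sshd[4421]: Accepted password for alice from 198.51.100.12 port 40022 ssh2
Sep 20 10:05:00 gw01 sshd[4430]: Failed password for bob from 198.51.100.30 port 40100 ssh2
Sep 20 10:15:00 gw01 sshd[4431]: Failed password for bob from 198.51.100.30 port 40101 ssh2
"""


def analyze_sample() -> dict:
    """Run the detector over the constructed log."""
    return detect_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for src, f in analyze_sample().items():
        print(src, f["first_alert"].time(), sorted(f["users"]),
              "COMPROMISED" if f["success_after_failures"] else "blocked?")
```

The sliding window matters: a threshold on raw counts would eventually flag a user who mistypes a password a few times a week, while the burst-then-success pattern is what separates a successful brute force from background noise and is the event worth paging on.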

The Lazarus Group is notorious for exploiting zero-day vulnerabilities, distributing malware, and carrying out a range of illicit activity spanning theft, espionage, and disruptive attacks.

In 2019, the US Treasury Department sanctioned the group, publicly linking it to North Korea’s Reconnaissance General Bureau and stating that its activities help finance the country’s nuclear weapons program.
