North Korean hackers use LinkedIn for cryptocurrency heist, report reveals
27 Aug 2020

Hackers linked to North Korea have used LinkedIn as part of a major heist to steal cryptocurrency, new research has revealed.

The notorious Lazarus Group, which was behind the 2014 cyber attacks on Sony, carried out an attack against a cryptocurrency organisation using a tailored job advert posted to the professional social network.

Researchers at the security firm F-Secure, who uncovered the attack, said it was part of a broader campaign targeting organisations in at least 14 different countries.

“Our research, which included insights from our incident response, managed detection and response, and tactical defence units, found that this attack bears a number of similarities with known Lazarus Group activity, so we’re confident they were behind the incident,” said Matt Lawrence, F-Secure’s director of detection response.

“The evidence also suggests this is part of an ongoing campaign targeting organisations in over a dozen countries, which makes the attribution important.”

Countries caught up in the campaign include the United Kingdom, United States, China, Germany, Russia and South Korea.

The latest attack involved creating a fake job offer tailored to the profile of a system administrator within the target organisation.

The malicious document was part of a phishing attack designed to extract the target’s personal information and other private data needed to access their online accounts and ultimately steal bitcoin and other cryptocurrency.

Paul Rockwell, head of trust and safety at LinkedIn, told The Independent: “We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members.

“We enforce our policies, which are very clear: the creation of a fake account or fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service.”

North Korea has shown a strong interest in cryptocurrency in recent years, as its decentralised and semi-anonymous nature offers a way to bypass crippling economic sanctions, launder money and finance military development.

By Anthony Cuthbertson, The Independent, 25 August 2020
