Coinspeaker
Lazarus Group’s Fenbushi Executive Impersonation Gimmicks Uncovered
Cybersecurity experts have uncovered a tactic employed by the North Korea-backed cyber hacking ring Lazarus Group.
According to reports from security firm SlowMist, members of this group have been engaging in a sophisticated scheme involving the impersonation of executives from Fenbushi Capital, an asset management firm.
This deceptive maneuver is specifically targeted at the users of the professional networking platform LinkedIn.
🚨Watch out for the #Lazarus 🥷🇰🇵 attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin 👇 pic.twitter.com/cAjAcPqkNj
— 23pds (@im23pds) April 29, 2024
Lazarus Hacker Group Taps LinkedIn in its Crypto Theft
The Lazarus Group’s modus operandi involves creating fake profiles on LinkedIn, presenting themselves as high-ranking individuals affiliated with Fenbushi Capital.
SlowMist posted a screenshot on X, revealing the scam LinkedIn username “Nevil Bolson”. By assuming these false identities, the hackers aim to establish credibility and trust within professional circles, ultimately luring unsuspecting users into their schemes.
According to The Block, the Lazarus Group would use this impostor to chat privately with targets on LinkedIn in the name of an investment company. The impostor posted on LinkedIn, “looking for Software developers, please reach out for more discussion.”
After gaining the victim’s trust, Lazarus Group might insert fake meeting links that launch phishing attacks once clicked.
Meanwhile, according to SlowMist, the Lazarus Group’s actions call for serious concern, as it usually targets prominent Decentralized Finance (DeFi) projects. It is also a stark reminder of the persistent threat posed by cybercriminals.
Leveraging LinkedIn for targeted attacks is not new. Last December, Lazarus Group used a similar tactic, posing as a fake Meta recruiter. After establishing contact with the victim on LinkedIn, the hacker group asked applicants to download two coding challenges as part of the hiring process. These two coding files contained malware that, once run on the computer, released a Trojan giving the hackers remote access.
North Korea and DeFi Exploits
Decentralized Finance protocols are among the major victims of the large-scale hacks that have taken place over the years. Hackers occasionally drained DeFi protocols of billions of dollars in 2022.
The North Korean hacker group, which surfaced for the first time in 2009, is one of the most sophisticated and organized hacking groups. Despite multiple sanctions against it, Lazarus Group has continued to target cryptocurrency platforms time and again.
The hacking group employs inventive methods to target and steal funds. Renowned for orchestrating some of the largest heists in the crypto sector, the group’s most notable exploit was the Ronin Bridge hack, which saw a staggering $625 million unlawfully obtained.
While crypto firms frequently fall victim to such hacker groups, the decentralized structure of blockchain poses challenges for moving the funds. Identified perpetrators are often tracked and blocked by crypto platforms. For instance, in February 2023, Huobi and Binance froze $1.4 million worth of crypto assets associated with North Korea.