LinkedIn Heist! Lazarus Group linked

The notorious Lazarus Group, which was behind the 2014 cyber attacks on Sony, carried out an attack against a cryptocurrency organisation using a tailored job advert posted to the professional social network.

Researchers at the security firm F-Secure, who uncovered the attack, said it was part of a broader campaign targeting organisations in at least 14 different countries.

“Research, which included insights from our incident response, managed detection and response, and tactical defence units, found that this attack bears a number of similarities with known Lazarus Group activity.

“The evidence also suggests this is part of an ongoing campaign targeting organisations in over a dozen countries, which makes the attribution important.”

Countries caught up in the campaign include the United Kingdom, United States, China, Germany, Russia and South Korea.


The latest attack involved creating a fake job offer tailored to the profile of a system administrator within the target organisation.

The malicious document was part of a phishing attack designed to extract the target’s personal information and other private data needed to access their online accounts and ultimately steal bitcoin and other cryptocurrency.

LinkedIn did not immediately respond to a request for comment from The Independent.

North Korea has shown a strong interest in cryptocurrency in recent years, as its decentralised and semi-anonymous nature offers a way to bypass crippling economic sanctions, launder money and finance military development.

In 2019, Pyongyang hosted a controversial blockchain and cryptocurrency conference, inviting international experts to speak and attend the event.

Following the conference, one developer was arrested and charged with conspiracy to violate the International Emergency Economic Powers Act.

F-Secure warned that attacks on cryptocurrency firms, as well as other crypto-related attacks, will likely continue.

“Lazarus Group’s activities are a continuous threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance among organisations operating in the targeted verticals,” F-Secure’s report concluded.

“It is F-Secure’s assessment that the group will continue to target organisations within the cryptocurrency vertical while it remains such a profitable pursuit.”
