Hackers linked to North Korea have used LinkedIn as part of a major heist to steal cryptocurrency, new research has revealed.
The notorious Lazarus Group, which was behind the 2014 cyber attacks on Sony, carried out an attack against a cryptocurrency organisation using a tailored job advert posted to the professional social network.
Researchers at the security firm F-Secure, who uncovered the attack, said it was part of a broader campaign targeting organisations in at least 14 different countries.
“Our research, which included insights from our incident response, managed detection and response, and tactical defence units, found that this attack bears a number of similarities with known Lazarus Group activity, so we’re confident they were behind the incident,” said Matt Lawrence, F-Secure’s director of detection response.
“The evidence also suggests this is part of an ongoing campaign targeting organisations in over a dozen countries, which makes the attribution important.”
Countries caught up in the campaign include the United Kingdom, United States, China, Germany, Russia and South Korea.
The latest attack involved creating a fake job offer tailored to the profile of a system administrator within the target organisation.
The malicious document was part of a phishing attack designed to extract the target's personal information and other private data needed to access their online accounts and ultimately steal bitcoin and other cryptocurrency.
Paul Rockwell, head of trust and safety at LinkedIn, told The Independent: “We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members.
“We enforce our policies, which are very clear: the creation of a fake account or fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service.”
North Korea has shown a strong interest in cryptocurrency in recent years, as its decentralised and semi-anonymous nature offers a way to bypass crippling economic sanctions, launder money and finance military development.
In 2019, Pyongyang hosted a controversial blockchain and cryptocurrency conference, inviting international experts to speak and attend the event.
Following the conference, one developer was arrested and charged with conspiracy to violate the International Emergency Economic Powers Act.
F-Secure warned that attacks on cryptocurrency firms, as well as other crypto-related attacks, will likely continue.
"Lazarus Group's activities are a continuous threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance among organisations operating in the targeted verticals," F-Secure's report concluded.
"It is F-Secure's assessment that the group will continue to target organisations within the cryptocurrency vertical while it remains such a profitable pursuit."