North Korean hackers from the Lazarus Group used a fake employee profile from an investment company on LinkedIn to carry out cyberattacks on DeFi projects. This was reported by SlowMist’s Chief Information Security Officer under the pseudonym 23pds.
He discovered a user named “Nevil Bolson,” who is purportedly a founding partner of the blockchain-oriented Chinese management firm Fenbushi Capital. The hackers stole the photo from the profile of a real representative of the company, Remington Ong.
🚨Watch out for the #Lazarus 🥷🇰🇵 attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin 👇 pic.twitter.com/cAjAcPqkNj
— 23pds (@im23pds) April 29, 2024
According to 23pds, through the fake profile, hackers search for software developers in the DeFi segment and then send them phishing links.
Phishing in the name of investments and conferences pic.twitter.com/DKb3Uy1VFk
— 23pds (@im23pds) April 29, 2024
The connection between “Nevil Bolson” and the Lazarus Group was established thanks to matching IP addresses and a typical attack strategy.
Earlier, researchers found that North Korean residents plagiarize online resumes from legitimate LinkedIn and Indeed profiles to obtain jobs at cryptocurrency companies in the US.
According to a recent report from the UN Security Council, about half of North Korea’s foreign currency income comes from cyberattacks, including those targeting the crypto industry. According to their estimates, from 2017 to 2023, hackers caused cumulative damage equivalent to $3 billion.