The notorious hacker group known as Lazarus is employing a clever tactic to deceive its victims. By infiltrating LinkedIn, they are targeting users and launching phishing attacks. SlowMist, a reputable security company, has discovered that Lazarus, backed by North Korea, is posing as an executive member of Fenbushi Capital, a Chinese blockchain asset management business.
To carry out their scheme, the cybercriminals created a fake LinkedIn profile with the name “Nevil Bolson,” claiming to be a founding partner at Fenbushi. SlowMist’s chief information security officer uploaded a screenshot, revealing that the scammer used a photo of Remington Ong, an actual partner at Fenbushi Capital.
The fraudulent LinkedIn profile, belonging to Lazarus Group, is still active and seeking programmers. Three weeks ago, the imposter made a post on LinkedIn, requesting contact information to continue the conversation.
Once the hackers gain the victim’s trust, they engage in private LinkedIn conversations, posing as an investor and suggesting a meeting. SlowMist’s blog post explains that Lazarus adopts the identity of an employee from an investment firm because it specifically targets well-known DeFi initiatives.
When the victim’s confidence is secured, Lazarus adds malicious links disguised as meeting invitations or event pages. Clicking on these links triggers a phishing attack. SlowMist’s CISO was able to identify “Nevil Bolson” as an affiliate of Lazarus by comparing IP addresses and recognizing a shared attack methodology.
It is estimated that around half of North Korea’s foreign revenue stems from state-backed crypto hacker organizations. The United Nations Security Council has raised concerns that a significant portion of this money is being funneled into the development of nuclear weapons.