North Korean hackers Lazarus Group used a fake profile of an employee of an investment company on LinkedIn to launch a cyberattack on DeFi projects. This was announced by the director of information security at SlowMist under the nickname 23pds.
🚨Watch out for the #Lazarus 🥷🇰🇵 attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin 👇 pic.twitter.com/cAjAcPqkNj
— 23pds (@im23pds) April 29, 2024He discovered the user "Nevil Bolson", who is allegedly the founding partner of the blockchain-oriented Chinese management firm Fenbushi Capital. The attackers stole the photo from the page of the real representative of the company Remington Ong.
According to 23pds, hackers use a fake page to search for software developers in the DeFi segment, and then send them phishing links.
Nevil Bolson was linked to Lazarus Group thanks to matching IP addresses and a typical attack strategy.
Earlier, researchers found out that North Koreans are plagiarizing online resumes from legitimate LinkedIn and Indeed profiles in order to get a job in US cryptocurrency companies.
According to a recent report by the UN Security Council, about half of the DPRK's foreign currency revenues were received as a result of cyber attacks, including on the crypto industry. According to their calculations, from 2017 to 2023, hackers caused cumulative damage equivalent to $3 billion.