Connect with us

Hi, what are you looking for?

Oracle of  Omaha SaysOracle of  Omaha Says

Editor's Pick

Lazarus Group Targets LinkedIn Users, Impersonates Fenbushi Capital Executive: SlowMist

In a relentless pursuit of cyber infiltration, the notorious Lazarus Group, allegedly backed by North Korea, has added a new weapon to its arsenal, which is now targeting LinkedIn users.

Reports surfaced today, April 29, revealing a sophisticated phishing operation orchestrated by the group, posing as a senior executive from Fenbushi Capital, a prominent Chinese blockchain asset management firm. 

SlowMist, a cybersecurity firm, illuminated this alarming development by exposing the group’s elaborate scheme to lure unsuspecting users into crypto phishing scams.

Lazarus Strategy Exposed

Last week, SlowMist revealed that Lazarus Group has been targeting LinkedIn users within the crypto industry as part of a crypto hacking scheme. The hackers create fake profiles on LinkedIn and contact HR personnel and hiring managers in blockchain-related organizations.

#Lazarus #APT The Lazarus group appears to be currently reaching out to targets via LinkedIn and steal employee privileges or assets through malware. #Lazarus #APT Lazarus 组织目前正通过 LinkedIn 联系加密货币行业的目标,并通过恶意软件窃取员工权限或资产。

— 23pds (@im23pds) April 24, 2024

They then send links containing malware disguised as code to showcase their coding abilities, aiming to exploit the victim’s data. SlowMist identified a periodic function named “stealEverything.”  This function is designed to extract as much data as possible and upload it to a server controlled by the attackers.

According to today’s update, SlowMist’s Chief Information Security Officer said the Lazarus Group’s latest tactic involves creating fake LinkedIn profiles. One profile masquerades as “Nevil Bolson,” purportedly a founding partner at Fenbushi Capital. 

The profile picture used by the impostor was sourced from Remington Ong, a legitimate partner at Fenbushi Capital. This further adds a layer of authenticity to the deception.

They use fake profiles to initiate private conversations with potential targets on LinkedIn, often under the pretext of discussing investment opportunities or arranging meetings. 

Once trust is established, the hackers introduce malicious links disguised as meeting invitations or event pages, which, when clicked, trigger phishing attacks aimed at compromising sensitive information or crypto assets.

SlowMist’s investigation into the Lazarus Group’s activities revealed a pattern of targeting prominent DeFi projects, leveraging the guise of investment company members to gain the trust of their victims. 

By meticulously comparing IP addresses and analyzing the attack strategy, SlowMist conclusively identified “Nevil Bolson” as part of Lazarus, reaffirming the group’s nefarious intentions.

Watch out for the #Lazarus attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin

— 23pds (@im23pds) April 29, 2024

Furthermore, the scale of crypto-related cybercrime perpetrated by groups like Lazarus is staggering. According to blockchain analytics firm Chainalysis, $1.7 billion worth of funds was stolen from the crypto space across 231 hacks in 2023 alone.

Lazarus Group Keeps Threatening Crypto Security

While Lazarus Group’s latest tactics on LinkedIn have garnered attention, their hacking spree extends beyond social media platforms. Recent reports indicate that the group has been involved in numerous exploitation attacks in the past few days. Early this year, the group orchestrated a significant move, transferring $12 million in Ether using Tornado Cash, a popular coin mixer. 

Furthermore, Lazarus Group’s activities have had tangible effects on specific cryptocurrencies, for example, RAIL. Railgun (RAIL), the native token of another coin mixer, has experienced a decline in price following Lazarus’ illicit activities on the platform. 

In the wake of allegations linking Railgun, a privacy protocol, to the sanctioned North Korean Lazarus Group’s illicit activities, Railgun has vehemently denied any association with the hacker collective.

The controversy stemmed from an analysis published by Elliptic, which suggested that the Lazarus Group had used Railgun to launder over $60 million worth of stolen Ethereum in June 2022. According to the report, the group shifted its laundering operations to Railgun following US sanctions imposed on Tornado Cash.

Elliptic’s research further indicated that a significant portion of the funds passing through Railgun, estimated at around 70%, were linked to the Harmony hack. This influx of Ethereum compromised Railgun’s effectiveness as a privacy protocol.

Reports suggest that 40% of North Korea’s weapons of mass destruction are funded through illicit cyber means, with Lazarus Group having stolen over $3 billion worth of digital assets globally to date.

The U.S. and its allies view North Korea’s state-sponsored malware initiatives as a threat to national security. Last year, the U.S. sanctioned the crypto mixer Sinbad, known as a “key money-laundering tool,” for the regime’s digital asset exploitation efforts.

The post Lazarus Group Targets LinkedIn Users, Impersonates Fenbushi Capital Executive: SlowMist appeared first on Cryptonews.

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.

    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Latest News

    A former Republican legislative candidate who traveled to Washington for former President Donald Trump’s ‘Stop the Steal’ rally was arrested Friday and charged with...


    Even as U.S. inflation broadly cools, frozen vegetable prices are hot. The average shelf price for frozen veggies rose by 18% in the past year...

    Latest News

    Abbe Lowell, Hunter Biden’s attorney, filed an ethics complaint Friday against Georgia Rep. Marjorie Taylor Green after she displayed censured nude photos of the president’s...

    Latest News

    President Biden has overruled the Pentagon and chosen Adm. Lisa Franchetti to lead the Navy, making her the first woman, if she’s confirmed, to...

    Disclaimer:, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2024