- The Lazarus Group is currently using LinkedIn to impersonate a partner from Fenbushi Capital, enticing cryptocurrency investors with fraudulent investment opportunities.
- Attackers utilize phishing tactics by distributing links that appear to be legitimate Microsoft Teams invitations; these links, when clicked, install malware that steals assets.
- This scheme follows a pattern of similar strategies used by the group, such as previous attacks on recruiters by sending malicious code under the guise of employment opportunities.
Blockchain security firm SlowMist claims that the Lazarus group is using LinkedIn to impersonate a Fenbushi Capital partner to dupe cryptocurrency investors. An X post from 23pds, a researcher at the security firm, revealed that the bad actors lure in victims under the guise of offering investment opportunities from Fenbushi Capital.
Shanghai-based Fenbushi Capital is a blockchain-focused venture capital firm founded in 2015. The firm has a global portfolio of 300 companies and has been an early backer of Ethereum. Trading on that reputation, the bad actors have been impersonating one of the firm’s partners, Remington Ong.
As noted by 23pds, the attackers are carrying out phishing attacks by sending malicious links that look like Microsoft Teams links. When the victim clicks the link, malware is deployed on the victim’s system that steals information and assets.
LinkedIn has become the latest hunting ground for the infamous hacker group, responsible for some of the biggest cryptocurrency-related hacks. The recent revelation is a continuation of 23pds’s earlier warning claiming that the hackers are stealing confidential employee credentials from recruiters by pretending to be blockchain developers looking for a job.
In an April 24 post, the researcher noted the hackers ask unsuspecting recruiters to run their repository of relevant code as a part of the interview. The repository actually contains malicious code, which, when run, steals confidential information from the recruiter’s system.
The Lazarus group also employed similar tactics last year, but pretended to be recruiters for social media company Meta. The attackers then sent two coding files to the applicants, asking them to download the files as a part of the recruitment process.
The coding files contained malware that infected the victim’s system with a trojan when executed. The trojan allowed the hackers to gain remote access to the victim’s system.
According to a December 2023 report from threat intelligence platform Recorded Future, the Lazarus group has drained over $3 billion in cryptocurrency since 2017. Earlier this year, Estonian crypto-payment gateway CoinsPaid reportedly lost $7.5 million worth of various cryptocurrencies to the Lazarus group.