When the hacker Lazarus gains the victim's trust, they insert harmful links. If these links are clicked, it can lead to a phishing attack.

As per security firm SlowMist, users of LinkedIn are being targeted by Lazarus Group, a cyber-hacker group supported by North Korea. They are pretending to be a member of the leadership team at Fenbushi Capital, a Chinese blockchain asset management company.

A screenshot shared by SlowMist's chief information security officer reveals the imposter using the LinkedIn alias "Nevil Bolson" while posing as a founding partner at Fenbushi. The imposter used the picture of Remington Ong, an actual partner at Fenbushi Capital.

Establishing Trust with Victims

The fictitious LinkedIn profile linked to Lazarus Group remains active, with a focus on recruiting programmers. The imposter made a post on LinkedIn three weeks ago, asking for contacts to further discussions.

Lazarus utilizes the impersonator to engage in private LinkedIn chats with their targets, pretending to be an investor and proposing meetings. According to SlowMist's blog, one reason Lazarus pretends to be associated with an investment company is to target prominent DeFi projects.

Once Lazarus gains the victim's trust, they incorporate deceitful links that appear as meeting invites or event pages. Clicking on these links will initiate a phishing attack. SlowMist's CISO indicates that through IP address analysis and a shared attack strategy, they were able to identify "Nevil Bolson" as an affiliate of Lazarus.

Around half of North Korea's foreign income is believed to come from government-backed crypto hacker groups, with a substantial portion going towards the development of nuclear weapons.

Highlighted Crypto News Today:

MetaWin Founder Introduces $ROCKY Meme Coin on Base Network