New information shows that the controversial hacking group Lazarus Group, which is thought to be linked to North Korea, has used a new strategy in its cyberattacks.
23pds, the information security head of SlowMist, found that Lazarus Group agents used a fake LinkedIn profile to hide their identity while they carried out a cyberattack. The fake page said it belonged to a member of an investment company.
The expert’s research led them to the persona of “Nevil Bolson,” who is said to be a founding partner at Fenbushi Capital, a Chinese blockchain-focused asset management company. It was later found that the profile picture had been stolen from a real company representative called Remington Ong.
Lazarus Group Targets DeFi Developers
As reported by 23pds, the hackers used the fake identity to send phishing links to software developers in the decentralized finance (DeFi) industry. Later, it was found that the fake profile was connected to Lazarus Group through shared IP addresses and a signing method.
According to a report from the UN Security Council, the Lazarus Group is known to use phishing and social engineering. The group prepares its attacks by studying target systems in depth and finding their weak spots, then uses those attacks to steal private cryptographic keys.
As one of their most recent crimes, Lazarus Group broke into the gaming site Munchables and stole an incredible 17,500 Ethereum (ETH).
A crypto expert named ZachXBT says that between 2020 and 2023, the Lazarus Group laundered around $200 million through more than 25 hacks that involved converting Bitcoin into regular funds. This conclusion was reached by following a network of 25 hacks linked across multiple blockchain platforms and using mixers on centralized exchanges.
But some progress was made in stopping the illegal flow of funds. In November 2023, $374,000 worth of stolen assets was frozen. In the fourth quarter of the same year, an unknown amount of money was also taken from organized exchanges. In addition, three companies that made stablecoins linked to the illegal activity froze an extra $3.4 million.