Lazarus Group Targets Blockchain Developers with Social Engineering and Visual Deception Techniques in Code

2024-05-13, Dimitribest
https://www.linkedin.com/pulse/lazarus-group-targets-blockchain-developers-social-visual-bestuzhev-ije9e/
#ContagiousInterview

Executive Summary
The Lazarus Group, a notorious North Korean state-sponsored hacking organization, has recently been targeting blockchain developers worldwide. By leveraging open-source intelligence (OSINT), social engineering tactics, and visual deception techniques, the group aims to infect victims' systems with carefully crafted malware. This post provides an analysis of the Lazarus Group's GitHub-based campaign.

The findings reveal that the group primarily targets full-stack Web3 and blockchain developers actively seeking employment opportunities, with identified victims located in countries such as the United States and Pakistan.

Profiling and Social Engineering
The Lazarus Group begins by profiling potential victims using publicly available information on GitHub. They specifically target blockchain developers who have disclosed their email addresses and indicate that they are "open to work." Once a suitable target is identified, the attackers proceed with their social engineering scheme.

Exploiting the fact that the victim is seeking employment opportunities, the Lazarus Group sends a convincing lure via email. The email likely …

IoC

IP addresses
147.124.212.89
147.124.214.131
147.124.214.237
67.203.7.171

URLs (C2 endpoints on port 1244)
http://147.124.212.89:1244
http://147.124.214.131:1244
http://147.124.214.237:1244
http://67.203.7.171:1244

File hashes (SHA-256)
494862e37bbf509cc0ec3865f0a8926f107af752132f3ac4dd01275f82d0dfad
61e93e0fa6ea4713dd68d9d8b40a6814534a80e2dff1c62a6e64f93debf65a71
80088a571cca8967c1bbf84e1afb3aa90a338714e2e178900055d2b7342080eb
e340a51be18a3a0736be11d8335e8e6248fe8cda78c04680bc1cba263d452324
f89658839174089720f0841dec8c25e3e0b7b13782cc14d70d63cf97c1156580
f9eb197c25d5e3158edd274013c56ecf049f79ee7823f93aec24c4530c910b3a
fdfe98d511bce7630de9b2688d315d2d3e604162306ac50e89f01a86abbdeb23