lazarusholic


Lazarus Group’s Latest Cyber Espionage Tactics Involving LinkedIn

2025-02-12, SOCRadar
https://socradar.io/lazarus-groups-cyber-espionage-involving-linkedin/
#Lazarus

Contents

The Lazarus Group, a North Korean government-backed hacking team, has stepped up its espionage efforts by taking advantage of professional networking sites like LinkedIn. Its new campaign targets people in the finance and travel sectors by posing as recruiters, with the aim of deploying sophisticated malware on many systems.
The Fake Job Hunt Tactic
The attack starts with an enticing LinkedIn message proposing collaboration on projects linked to decentralized cryptocurrency exchanges. The offer highlights appealing perks like remote work, part-time flexibility, and competitive pay to reel in potential victims. After the target expresses interest, the fake recruiter asks for a CV or a link to their GitHub repository, seemingly to assess qualifications. These requests serve to collect personal information and to establish legitimacy in the interaction.
Cross-Platform Malware Deployment
After the initial contact, they share a purported minimum viable product for …

IoC
