North Korean hackers are targeting employees in the fintech industry by impersonating the popular crypto exchange Coinbase.
Coinbase is one of the largest cryptocurrency platforms for buying, selling, transferring and storing digital currency.
For this particular campaign, the modus operandi of the hacking group is to approach victims through hiring platforms such as LinkedIn and Indeed, lure them with a job offer, and maintain a preliminary discussion as part of a social engineering attack.
Due to Coinbase’s popularity, Lazarus was able to draw victims with a lucrative and attractive job offer at the prestigious organisation.
Hossein Jazi, a security researcher at Malwarebytes, has been tracking Lazarus activity since February 2022 and shared a screenshot of the sample email sent to target candidates. The fake job description reads “Engineering manager, Product Security” at Coinbase.
The email states that Coinbase looks at a few things before hiring at the company, regardless of role or team.
“First, we look for candidates who thrive in a culture like ours, where we default to trust, embrace feedback, and disrupt ourselves. Second, we expect all employees to commit our mission-focussed approach to our work. Finally, we seek people excited to learn about and live crypto, because those are the folks who enjoy the intense moments in our sprint and recharge work culture,” it read.
In addition, it also said, “We’re a remote-first company looking to hire the absolute best talent all over the world.”
According to BleepingComputer, victims are lured into downloading what they believe is a PDF about the job position, named “Coinbase_online_careers_2022_07.exe.” In reality, they unknowingly download a malicious executable disguised as a PDF, which loads a malicious DLL.
Jazi told BleepingComputer, “Lazarus follows similar tactics and methods to infect their targets with malware, and the individual phishing campaigns feature infrastructure overlaps.”