How did North Korean hackers use LinkedIn and social engineering to steal $3.4 billion in cryptocurrency?

How did North Korean hackers steal $3.4 billion in cryptocurrency using LinkedIn and social engineering?

Author: Eric Johansson & Tyler Pearson, DL News

Translation: Felix, LianGuaiNews

North Korean hackers have stolen at least $3.4 billion in cryptocurrency, some of which was through attacks on LinkedIn.

The $3.4 billion figure represents the total amount of hacking attacks related to the North Korean Lazarus Group since 2007, which includes the 2022 attack on the Horizon cross-chain bridge between Ethereum and Harmony, resulting in a loss of approximately $100 million. It also includes the 2023 theft of the Atomic wallet worth over $35 million and the 2017 WannaCry ransomware attack.

Hugh Brooks, Chief Security Operator of blockchain company CertiK, said, “The Lazarus Group has been a major source of income for the North Korean regime.”

What may not be well known is how hackers use platforms like LinkedIn for social engineering and phishing attacks.

An example of this is the “Operation In(ter)ception” launched by cybercriminal groups in 2019.

According to cybersecurity company ESET, the Lazarus Group targeted military and aerospace companies in Europe and the Middle East by posting job advertisements on platforms like LinkedIn to deceive job seekers. They would require job seekers to download PDF files embedded with executable files, enabling them to carry out digital attacks.

Social engineering and phishing attacks both attempt to manipulate victims psychologically to lower their guard and engage in unsafe behaviors such as clicking on links or downloading files. Their malicious software allows hackers to target vulnerabilities in the victim’s system and steal sensitive information.

The Lazarus Group used similar methods in a six-month operation against cryptocurrency payment provider CoinsLianGuaiid, resulting in a theft of $37 million on July 22 this year.

CoinsLianGuaiid disclosed that in March, their engineers received a list of technical infrastructure questions from a so-called “Ukrainian encrypted processing startup.” In June and July, the engineers received false job invitations. On July 22, an employee, thinking they were interviewing for a lucrative job, downloaded malware as part of a supposed technical test.

Prior to this, the hacker group had spent six months researching CoinsLianGuaiid, including details of team members and the company’s structure. When the employee downloaded the malicious code, the hackers gained access to CoinsLianGuaiid’s system and successfully forged authorization requests to extract funds from the company’s hot wallet.

During the entire attack process, the hackers launched technical attacks such as distributed denial-of-service (DDoS) attacks, which attempt to flood websites or network resources with malicious traffic, rendering them unable to function properly. They also employed a strategy known as brute force, repeatedly submitting passwords in hopes of eventually guessing correctly.

The organization also utilizes zero-day attacks (Note: Zero-day vulnerabilities or zero-day exploits usually refer to security vulnerabilities that do not have patches yet, while zero-day attacks refer to the attacks that exploit these vulnerabilities. The individual who provides the details of the vulnerability or the exploit program is typically the discoverer of the vulnerability. The exploitation of zero-day vulnerabilities poses a significant threat to cybersecurity. Therefore, zero-day vulnerabilities are not only favored by hackers, but also serve as an important parameter for evaluating hacker skills.) and deploys malicious software to steal funds, conduct espionage activities, and engage in general destructive activities.

In 2019, the US Treasury Department sanctioned the Lazarus Group and officially linked it to the Reconnaissance General Bureau of North Korea. The US Treasury Department also believes that the organization provides funding for the nuclear weapons program of terrorist states.

Related reading: “North Korean Hackers” Interview Blockchain Engineers: “The world will witness great achievements in my hands.”

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

NASDAQ: Joined Bitcoin's "Wish List" this year

The bitcoin of the previous day showed a rise of 5,500. According to the "rice law", the rise is sure to fi...

Blockchain

Oasis Network, the blockchain privacy computing platform, officially launched its first public beta network

This week, the blockchain privacy computing platform Oasis Network announced the official launch of the public test n...

Blockchain

Encrypted cat team shot again! Dapper Labs Receives $11 Million Investment from A16z

Warner Music has partnered with Dapper Labs, the company behind CryptoKitties, to create a new blockchain flow. Accor...

Market

Forbes: Billionaires love Bitcoin, want to buy 4.5 million BTCs through encryption brokers

According to foreign media reports, Forbes magazine writer Billy Bambrough said Eleesa Dadiani, the cryptocurrency br...

Blockchain

Vitalik: A new way to implement cross-segment trading

On October 29th, Ethereum co-founder Vitalik Buterin released a new proposal for cross-segment trading, a so-called c...

Market

Facebook holds high "Libra" Bitcoin market rises

Bitcoin has continued its rise for several months. At the end of May, once it broke through 9,000 US dollars, it quic...