How did North Korean hackers use LinkedIn and social engineering to steal $3.4 billion in cryptocurrency?

How did North Korean hackers steal $3.4 billion in cryptocurrency using LinkedIn and social engineering?

Author: Eric Johansson & Tyler Pearson, DL News

Translation: Felix, LianGuaiNews

North Korean hackers have stolen at least $3.4 billion in cryptocurrency, some of which was through attacks on LinkedIn.

The $3.4 billion figure represents the total amount of hacking attacks related to the North Korean Lazarus Group since 2007, which includes the 2022 attack on the Horizon cross-chain bridge between Ethereum and Harmony, resulting in a loss of approximately $100 million. It also includes the 2023 theft of the Atomic wallet worth over $35 million and the 2017 WannaCry ransomware attack.

Hugh Brooks, Chief Security Operator of blockchain company CertiK, said, “The Lazarus Group has been a major source of income for the North Korean regime.”

What may not be well known is how hackers use platforms like LinkedIn for social engineering and phishing attacks.

An example of this is the “Operation In(ter)ception” launched by cybercriminal groups in 2019.

According to cybersecurity company ESET, the Lazarus Group targeted military and aerospace companies in Europe and the Middle East by posting job advertisements on platforms like LinkedIn to deceive job seekers. They would require job seekers to download PDF files embedded with executable files, enabling them to carry out digital attacks.

Social engineering and phishing attacks both attempt to manipulate victims psychologically to lower their guard and engage in unsafe behaviors such as clicking on links or downloading files. Their malicious software allows hackers to target vulnerabilities in the victim’s system and steal sensitive information.

The Lazarus Group used similar methods in a six-month operation against cryptocurrency payment provider CoinsLianGuaiid, resulting in a theft of $37 million on July 22 this year.

CoinsLianGuaiid disclosed that in March, their engineers received a list of technical infrastructure questions from a so-called “Ukrainian encrypted processing startup.” In June and July, the engineers received false job invitations. On July 22, an employee, thinking they were interviewing for a lucrative job, downloaded malware as part of a supposed technical test.

Prior to this, the hacker group had spent six months researching CoinsLianGuaiid, including details of team members and the company’s structure. When the employee downloaded the malicious code, the hackers gained access to CoinsLianGuaiid’s system and successfully forged authorization requests to extract funds from the company’s hot wallet.

During the entire attack process, the hackers launched technical attacks such as distributed denial-of-service (DDoS) attacks, which attempt to flood websites or network resources with malicious traffic, rendering them unable to function properly. They also employed a strategy known as brute force, repeatedly submitting passwords in hopes of eventually guessing correctly.

The organization also utilizes zero-day attacks (Note: Zero-day vulnerabilities or zero-day exploits usually refer to security vulnerabilities that do not have patches yet, while zero-day attacks refer to the attacks that exploit these vulnerabilities. The individual who provides the details of the vulnerability or the exploit program is typically the discoverer of the vulnerability. The exploitation of zero-day vulnerabilities poses a significant threat to cybersecurity. Therefore, zero-day vulnerabilities are not only favored by hackers, but also serve as an important parameter for evaluating hacker skills.) and deploys malicious software to steal funds, conduct espionage activities, and engage in general destructive activities.

In 2019, the US Treasury Department sanctioned the Lazarus Group and officially linked it to the Reconnaissance General Bureau of North Korea. The US Treasury Department also believes that the organization provides funding for the nuclear weapons program of terrorist states.

Related reading: “North Korean Hackers” Interview Blockchain Engineers: “The world will witness great achievements in my hands.”

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

Babbitt Column | Cai Kailong: How Libra Get Out of the Dilemma

Libra has suffered heavy losses in recent times and is experiencing a dark moment. The first Libra formal meeting is ...

Blockchain

The Fed plans to launch an interbank real-time payment system, and the encryption community said: Bitcoin to consider

According to Cointelegraph on August 6th, the Federal Reserve Board plans to launch a real-time payment and settlemen...

Blockchain

What Bitcoin will look like in 10 years, Satoshi Nakamoto says | Bitcoin Secret History

Different from the direction described by Satoshi Nakamoto in the white paper "Peer-to-Peer Electronic Cash Syst...

Blockchain

"Mastering Bitcoin" Author: Bitcoin currency is the reserve currency for all other encryption

Andreas Antonopoulos, author of Mastering Bitcoin, recently spoke about Bitcoin as a medium of exchange, an account u...

Blockchain

User Experience Survey: What is the next wave of DeFi users?

The writer is Kevin Kim, co-founder of Gossamer on the DeFi platform. Before setting up to build Gossamer, the team i...

Blockchain

Regulators, lottery players become chain nodes, blockchain makes the lottery industry self-certified

Source: Shenzhen Evening News Editor's Note: The original title is "The Blockchain Makes the Lottery Indust...