How did North Korean hackers use LinkedIn and social engineering to steal $3.4 billion in cryptocurrency?

How did North Korean hackers steal $3.4 billion in cryptocurrency using LinkedIn and social engineering?

Author: Eric Johansson & Tyler Pearson, DL News

Translation: Felix, LianGuaiNews

North Korean hackers have stolen at least $3.4 billion in cryptocurrency, some of which was through attacks on LinkedIn.

The $3.4 billion figure represents the total amount of hacking attacks related to the North Korean Lazarus Group since 2007, which includes the 2022 attack on the Horizon cross-chain bridge between Ethereum and Harmony, resulting in a loss of approximately $100 million. It also includes the 2023 theft of the Atomic wallet worth over $35 million and the 2017 WannaCry ransomware attack.

Hugh Brooks, Chief Security Operator of blockchain company CertiK, said, “The Lazarus Group has been a major source of income for the North Korean regime.”

What may not be well known is how hackers use platforms like LinkedIn for social engineering and phishing attacks.

An example of this is the “Operation In(ter)ception” launched by cybercriminal groups in 2019.

According to cybersecurity company ESET, the Lazarus Group targeted military and aerospace companies in Europe and the Middle East by posting job advertisements on platforms like LinkedIn to deceive job seekers. They would require job seekers to download PDF files embedded with executable files, enabling them to carry out digital attacks.

Social engineering and phishing attacks both attempt to manipulate victims psychologically to lower their guard and engage in unsafe behaviors such as clicking on links or downloading files. Their malicious software allows hackers to target vulnerabilities in the victim’s system and steal sensitive information.

The Lazarus Group used similar methods in a six-month operation against cryptocurrency payment provider CoinsLianGuaiid, resulting in a theft of $37 million on July 22 this year.

CoinsLianGuaiid disclosed that in March, their engineers received a list of technical infrastructure questions from a so-called “Ukrainian encrypted processing startup.” In June and July, the engineers received false job invitations. On July 22, an employee, thinking they were interviewing for a lucrative job, downloaded malware as part of a supposed technical test.

Prior to this, the hacker group had spent six months researching CoinsLianGuaiid, including details of team members and the company’s structure. When the employee downloaded the malicious code, the hackers gained access to CoinsLianGuaiid’s system and successfully forged authorization requests to extract funds from the company’s hot wallet.

During the entire attack process, the hackers launched technical attacks such as distributed denial-of-service (DDoS) attacks, which attempt to flood websites or network resources with malicious traffic, rendering them unable to function properly. They also employed a strategy known as brute force, repeatedly submitting passwords in hopes of eventually guessing correctly.

The organization also utilizes zero-day attacks (Note: Zero-day vulnerabilities or zero-day exploits usually refer to security vulnerabilities that do not have patches yet, while zero-day attacks refer to the attacks that exploit these vulnerabilities. The individual who provides the details of the vulnerability or the exploit program is typically the discoverer of the vulnerability. The exploitation of zero-day vulnerabilities poses a significant threat to cybersecurity. Therefore, zero-day vulnerabilities are not only favored by hackers, but also serve as an important parameter for evaluating hacker skills.) and deploys malicious software to steal funds, conduct espionage activities, and engage in general destructive activities.

In 2019, the US Treasury Department sanctioned the Lazarus Group and officially linked it to the Reconnaissance General Bureau of North Korea. The US Treasury Department also believes that the organization provides funding for the nuclear weapons program of terrorist states.

Related reading: “North Korean Hackers” Interview Blockchain Engineers: “The world will witness great achievements in my hands.”

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

The Block's latest research: Which investment institutions benefit from Coinbase's currency?

QUICK TAKE • Coinbase has a practice to publish a research report on the asset before the asset goes online. &...

Blockchain

Who is the biggest bitcoin holder: Nakamoto, Winklevoss brothers or "King of encryption" Barry Sylbert?

We know that there are many “whales” that have the ability to drive the cryptocurrency market. However,...

Blockchain

The price has plummeted and the computing power has plummeted. The data tells you whether BTC miners have sold off?

On Tuesday, the data analysis website TheTokenAnalyst reported that Bitcoin has experienced a historical plunge this ...

Blockchain

Babbitt column | blockchain, naturally has To B gene

First, the block chain of To B gene In the white paper of the blockchain of Tencent, there is such a sentence: the bl...

Bitcoin

Breaking News: Bitcoin and the Lightning Network Revolutionize Online Content Monetization and Engagement!

Mash and TFTC's latest innovative solution promises to revolutionize the functionality of online content platforms.

Blockchain

Tiger Fight Forum Hot Discussion: NBA Lone Ranger accepts bitcoin payments

Bitcoin has been controversial and questioned since its birth for just 10 years. This electronic currency has always ...