North Korean hackers from the Lazarus Group have crafted a fake LinkedIn profile of an investment firm employee to launch cyberattacks on DeFi projects. This was reported by SlowMist’s Chief Information Security Officer, known as 23pds.
?Watch out for the #Lazarus ??? attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin ? pic.twitter.com/cAjAcPqkNj
— 23pds (@im23pds) April 29, 2024
He identified a user named “Neville Bolson,” who purportedly is a founding partner of the blockchain-focused Chinese management firm Fenbushi Capital. The hackers stole the photo from the page of the company’s real representative, Remington Ong.
According to 23pds, through the fake page, the hackers seek out software developers in the DeFi sector and then send them phishing links.
The connection between “Neville Bolson” and the Lazarus Group was established through matching IP addresses and typical attack strategies.
Earlier research revealed that North Korean residents have been plagiarizing online resumes from legitimate LinkedIn and Indeed profiles to secure jobs in U.S. cryptocurrency companies.
According to a recent UN Security Council report, about half of North Korea’s foreign currency income is derived from cyberattacks, including those on the crypto industry. Their estimates suggest that from 2017 to 2023, hackers inflicted cumulative damages equivalent to $3 billion.