{"id":13038,"date":"2024-04-29T14:45:55","date_gmt":"2024-04-29T11:45:55","guid":{"rendered":"https:\/\/forklog.com\/en\/lazarus-groups-deceptive-investor-profile-targets-defi-sector\/"},"modified":"2024-04-29T14:45:55","modified_gmt":"2024-04-29T11:45:55","slug":"lazarus-groups-deceptive-investor-profile-targets-defi-sector","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/lazarus-groups-deceptive-investor-profile-targets-defi-sector\/","title":{"rendered":"Lazarus Group&#8217;s Deceptive Investor Profile Targets DeFi Sector"},"content":{"rendered":"<p>North Korean hackers from the Lazarus Group have crafted a fake LinkedIn profile of an investment firm employee to launch cyberattacks on DeFi projects. This was reported by SlowMist&#8217;s Chief Information Security Officer, known as 23pds.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">?Watch out for the <a href=\"https:\/\/twitter.com\/hashtag\/Lazarus?src=hash&#038;ref_src=twsrc%5Etfw\">#Lazarus<\/a> ??? attack on the fake Fenbushi Capital on linkedin! <a href=\"https:\/\/twitter.com\/fenbushi?ref_src=twsrc%5Etfw\">@fenbushi<\/a> <a href=\"https:\/\/twitter.com\/SlowMist_Team?ref_src=twsrc%5Etfw\">@SlowMist_Team<\/a> <a href=\"https:\/\/twitter.com\/boshen1011?ref_src=twsrc%5Etfw\">@boshen1011<\/a> <a href=\"https:\/\/twitter.com\/VitalikButerin?ref_src=twsrc%5Etfw\">@VitalikButerin<\/a> ? <a href=\"https:\/\/t.co\/cAjAcPqkNj\">pic.twitter.com\/cAjAcPqkNj<\/a><\/p>\n<p>\u2014 23pds (@im23pds) <a href=\"https:\/\/twitter.com\/im23pds\/status\/1784763866771320861?ref_src=twsrc%5Etfw\">April 29, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>He identified a user named &#8220;Neville Bolson,&#8221; who purportedly is a founding partner of the blockchain-focused Chinese management firm Fenbushi Capital. The hackers stole the photo from the page of the company&#8217;s real representative, Remington Ong. <\/p>\n<p>According to 23pds, through the fake page, the hackers seek out software developers in the DeFi sector and then send them phishing links. <\/p>\n<p>The connection between &#8220;Neville Bolson&#8221; and the Lazarus Group was established through matching IP addresses and typical attack strategies.<\/p>\n<p>Earlier research revealed that North Korean residents have been plagiarizing online resumes from legitimate LinkedIn and Indeed profiles to secure jobs in U.S. cryptocurrency companies. <\/p>\n<p>According to a recent UN Security Council report, about half of North Korea&#8217;s foreign currency income is <a href=\"https:\/\/forklog.com\/en\/news\/un-cyberattacks-account-for-half-of-north-koreas-foreign-currency-income\">derived from cyberattacks<\/a>, including those on the crypto industry. Their estimates suggest that from 2017 to 2023, hackers inflicted cumulative damages equivalent to $3 billion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers from the Lazarus Group have crafted a fake LinkedIn profile of an investment firm employee to launch cyberattacks on DeFi projects. This was reported by SlowMist&#8217;s Chief Information Security Officer, known as 23pds. ?Watch out for the #Lazarus ??? attack on the fake Fenbushi Capital on linkedin! @fenbushi @SlowMist_Team @boshen1011 @VitalikButerin ? [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13037,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1523,1202],"class_list":["post-13038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-linkedin","tag-north-korea-dprk"],"aioseo_notices":[],"amp_enabled":true,"views":"21","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=13038"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13038\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/13037"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=13038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=13038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=13038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}