Lazarus Group that is being funded by North Korea Military Intelligence is reportedly using signed executable to mimic a Coinbase website in order to attract employees and customers. The aim behind the said social engineering attack is simple, one to trap employees with fake job offers and second to lure customers in signing up the page and then steal their currency.
In what is known to our Cybersecurity Insiders, Lazarus Group of hackers has been indulging in such tactics from the past few weeks and has trapped so far around 60 customers and 13 employees.
All these days, they were busy launching phishing emails on corporate networks. But now have spread malware in disguise of a PDF file to employees in reputable positions at Coinbase.
We already know that North Korea leader Kim Jong Un is fulfilling his nuclear ambitions by stealing currency from banks, stealing cryptocurrency from individual accounts, and raiding crypto exchanges to steal currency.
The latest activity seems to be part of the treacherous act of duping Coinbase customers and employees.
Surprisingly, this is for the first time that Lazarus is being involved in malware distribution to devices loaded with MacOS and that too by impersonating a cryptocurrency exchanging company.
NOTE– Lazarus is also known in the world of cybercrime as Guardians of Peace and is being run and funded by the government of North Korea. United States Intelligence Community has given the group as Hidden Cobra and Microsoft has tagged the name of this group as ZINC. All the hackers in this group are trained and receive education from Kim Chaek University of Technology and also take courses at Kim II -Sung University and Moranbong University. And only after completing 6 years of education, they are inducted into the group as official hackers.
