Security News > 2020 > August > North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure.

The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

North Korean attackers targeted "Organizations in the cryptocurrency vertical" based in Britain, the US, the Netherlands, Germany, Singapore, Japan, and at least eight other countries, said F-Secure.

Lazarus Group is well known for targeting financial institutions in order to siphon money back to North Korea, whose economy has stagnated for decades under Western-led sanctions intended to persuade the Communist dictatorship not to develop nuclear weapons.

In 2014 the state-backed hackers targeted Sony Pictures, stealing sensitive internal files; in 2016 they stole $81m from a Bangladeshi bank; a year later it was revealed they were targeting everything from casinos to software devs working on financial software; and last year they went completely beyond the pale by deploying in-memory malware for macOS. The group is also thought to have been behind the Wannacry malware that temporarily crippled Britain's National Health Service.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/25/lazarus_group_north_korea_linkedin_lure/