
North Korean Hackers Use Coinbase Job Offers to Target Fintech Employees

North Korean hacker group Lazarus uses Coinbase job offers in a new social engineering campaign to target potential employees on LinkedIn.

Published August 8, 2022

The North Korea-based hacking group Lazarus has started a social engineering campaign targeting potential financial industry employees, using Coinbase as bait. The hackers are posting ads for Coinbase job offers on sites like LinkedIn to lure job-seeking candidates with fake job offers.

According to Malwarebytes, which has been regularly monitoring Lazarus since February 2022, the group has now adopted social engineering, contacting potential candidates for positions like “Engineering Manager, Product Security” while posing as a representative of Coinbase.

Lazarus uses Coinbase Job Offers to target employees on LinkedIn

Known by different monikers, such as Guardians of Peace or Whois Team, the North Korea-based Lazarus group initiated many attacks between 2010 and 2021. However, the latest social engineering attack primarily targets job seekers on websites like LinkedIn using Coinbase job offers as bait. The hackers run the campaign via LinkedIn and reach out to candidates looking for jobs in the fintech industry.

After putting the candidate at ease with flattery, the hackers send them a fake PDF file, which is actually a malicious executable bearing a PDF icon. In a tweet shared by Malwarebytes threat intelligence researcher Jazi, the file's name as presented by the hackers is “Engineering Manager, Product Security.” However, upon close inspection, the actual name of the executable file is “Coinbase_online_careers_2022_07.exe”.

In a similar tweet shared by Jazi on January 27th, 2022, Lazarus appears to use the same method, with General Dynamics Electric Boat as the bait. In both cases, the executable file opens and uses GitHub as the command-and-control server to target the individual device.
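For defenders, the disguised executable described above can be caught by checking a received "document" by its content instead of its icon or displayed name. The following is an added example, not code from Malwarebytes or from the original article; the function names, extension lists and sample bytes are constructed for illustration.

```python
import struct
from pathlib import PurePath

DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf"}   # assumed "document" extensions
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}    # assumed executable extensions

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def inspect_attachment(name: str, data: bytes) -> list[str]:
    """Return findings for a file received where a document was expected."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    findings = []
    if is_pe(data):
        # The icon is chosen by the sender; the header is what Windows will run.
        findings.append("content is a Windows executable (PE)")
        if ext in DOC_EXTS:
            findings.append(f"PE content behind document extension {ext}")
    if ext in EXE_EXTS and len(suffixes) > 1 and suffixes[-2] in DOC_EXTS:
        findings.append("double extension hides executable type")
    if ext == ".pdf" and not data.startswith(b"%PDF-"):
        findings.append("named .pdf but lacks %PDF- header")
    if "\u202e" in name:
        findings.append("right-to-left override character in file name")
    return findings

# Constructed sample bytes: a minimal PE header stub and a tiny PDF header.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
PDF_STUB = b"%PDF-1.7\n%%EOF\n"

if __name__ == "__main__":
    samples = [("Coinbase_online_careers_2022_07.exe", PE_STUB),
               ("offer.pdf.exe", PE_STUB), ("offer.pdf", PDF_STUB)]
    for fname, blob in samples:
        print(fname, "->", inspect_attachment(fname, blob) or "no findings")
```
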

The crypto market is currently flourishing, and companies like Coinbase are popular. The hackers are simply cashing in on the trend, and the social engineering attacks seem to work because many people are searching for jobs now. Hacking organizations like Lazarus succeed by dangling a chance of employment at companies like Coinbase.
