Beware: Lazarus Hackers Target Crypto Industry via LinkedIn

North Korea’s Lazarus Group exploits LinkedIn, targeting the cryptocurrency industry with sophisticated malware hidden in code shared during job applications.

  • Lazarus Group initiates contact via LinkedIn as job seekers.
  • The notorious cybercriminals deploy malware through the recruitment process.
  • Learn strategies to thwart such attacks.

In today’s digital age, the intersection of technology and finance has bred fertile ground for cybercriminals, particularly within the rapidly growing cryptocurrency sector. 


Recent reports from cybersecurity firms have spotlighted an alarming trend: the use of professional networking platforms, like LinkedIn, by organized cybercrime groups. Specifically, the infamous Lazarus Group has developed a method of attack by masquerading as computer programmers looking for work. 

North Korea’s Lazarus Group Poses As Developers on LinkedIn

On Wednesday, April 24, a researcher at blockchain security firm SlowMist revealed that North Korea’s Lazarus Group has found a new method to attack companies. The group is masquerading as job seekers specializing in React and Blockchain technologies. They approach targeted companies on LinkedIn, presenting themselves as prospective candidates.

Once contact is established, they encourage the target to review their coding work, which is hosted on platforms like GitHub. The repositories, however, are far from benign. They contain malicious code snippets that, when executed, initiate a sequence of events designed to compromise the target’s computer. 

This code provides the attackers with a backdoor to potentially more significant corporate resources, including access to sensitive financial information and crypto assets. 

How to Protect Your Organization From Lazarus Hack

The Lazarus Group’s sophisticated approach, using LinkedIn to distribute malware through fake job offers, highlights the need for enhanced vigilance and cybersecurity practices.

  • Conduct Background Checks: Thoroughly vet new contacts and companies reaching out with job opportunities, especially if they are unsolicited. Use LinkedIn to check mutual connections and the legitimacy of the company profile.
  • Seek External Validation: Before engaging with job offers that require accessing code or documents, seek recommendations or insights from trusted colleagues or industry networks.
  • Use Sandbox Environments: Run any unfamiliar code in a sandbox environment that isolates it from critical systems and data. This precaution helps in identifying malicious activities without risking the integrity of your main network.
  • Implement Code Review Processes: Establish a mandatory code review process involving multiple team members before any external code is executed within the organization’s systems.
  • Deploy Endpoint Detection and Response (EDR) Systems: Utilize advanced EDR systems that can detect, isolate, and remediate suspicious activities automatically.
  • Update and Patch Systems Regularly: Ensure that all software, especially browsers and security tools, is up to date with the latest security patches and updates.

By incorporating these strategies, individuals and organizations can significantly reduce the risk of falling victim to sophisticated cyber-attacks through LinkedIn and other professional networking platforms. 
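
As an added example for the sandbox and code-review steps above (not from the article or from SlowMist): before installing a candidate's React project, a reviewer can list the `package.json` scripts that npm would run automatically on `npm install`. The article does not say how the malicious code is triggered, so the focus on npm lifecycle hooks, the function names and the sample repository are assumptions made for illustration.

```python
import json
import os
import tempfile

# Scripts npm runs on its own during `npm install` (no explicit `npm run`).
AUTO_RUN_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def find_install_hooks(repo_root):
    """Return sorted (manifest path, hook, command) tuples; reads files only, runs nothing."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        rel = os.path.relpath(path, repo_root)
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):  # unparsable manifest: flag for manual review
            findings.append((rel, "unreadable", ""))
            continue
        scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
        if not isinstance(scripts, dict):
            continue
        for hook in AUTO_RUN_HOOKS:
            if hook in scripts:
                findings.append((rel, hook, str(scripts[hook])))
    return sorted(findings)

def build_sample_repo(root):
    """Write a constructed (not real) repository layout used by the demo."""
    manifests = {
        "package.json": {"name": "candidate-portfolio", "scripts": {
            "start": "react-scripts start", "postinstall": "node scripts/setup.js"}},
        os.path.join("tools", "package.json"): {"scripts": {
            "test": "jest", "prepare": "node ./build.js"}},
        os.path.join("docs", "package.json"): {"scripts": {"start": "serve ."}},
    }
    for rel, body in manifests.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            json.dump(body, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        for rel, hook, command in find_install_hooks(repo):
            print(f"{rel}: {hook} -> {command}")
```

A clean result only means no install-time hook is declared; the code still belongs in a sandbox and in front of reviewers before anyone runs it.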

On the Flipside

  • North Korean state-sponsored Lazarus Group is behind several high-profile attacks and has been linked to the CoinsPaid, Atomic Wallet, and Harmony hacks.
  • After U.S. authorities sanctioned the Tornado Cash mixer, Lazarus Group pivoted to other services. 

Why This Matters

The Lazarus Group’s LinkedIn attacks are a stark reminder of the vulnerabilities and the potential consequences of breaches. These include financial losses, theft of sensitive information, and damage to reputation and trust.



David Marsanic