New Lazarus Spearphishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as its Front

What better way to gain complete control over a crypto organization's network than to target its sysadmin with a job posting and then spear phish them?

It's a brilliant and elegant attack. The Lazarus group, the actor behind WannaCry, is jumping on the cryptocurrency-as-the-target bandwagon. We've seen prominent Twitter accounts hacked with crypto as the endgame, as well as recent vishing attacks on financial organizations aimed at eventually reaching high-net-worth customers' cryptocurrency accounts.

According to security researchers at F-Secure, this latest Lazarus attack starts with a legitimate-looking LinkedIn job ad seeking a sysadmin for a blockchain technology company. The ad targets people currently working as sysadmins at cryptocurrency organizations. Once a candidate engages via the ad, they are sent a Word document as part of the "hiring process", complete with the claim that the document is protected under GDPR and that macros must be enabled to view it.

Once macros are enabled, a series of malicious actions follows, including system checks and the download of payloads tailored to the victim's system. Credential harvesting, deletion of security log entries, and lateral movement are all part of the attack.
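The lure's defining property, a Word document that only "works" once macros are enabled, is something a mail gateway or a cautious sysadmin can check for before anyone clicks "Enable Content". The following Python script is an added example, not code from the original post or from F-Secure's analysis: it treats an Office Open XML file as the ZIP archive it is and reports whether it carries a VBA project. The sample documents it builds are constructed stand-ins (the vbaProject.bin content is a placeholder, not real VBA), and none of the names or strings below come from the actual campaign.

```python
"""Static triage of an Office Open XML attachment for embedded VBA macros.

Added example, not code from the original post or from F-Secure's report.
OOXML files (.docx, .docm, .xlsm, ...) are ZIP archives. A document carrying
a VBA project ships it as a part named vbaProject.bin (under word/, xl/ or
ppt/) and declares that part in [Content_Types].xml. Reading the archive
directly never opens the document in Word, so this is safe to run over
untrusted mail attachments.
"""
import io
import zipfile

# Content type Office uses for the VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Macro-enabled main parts use a content type containing "macroEnabled",
# e.g. application/vnd.ms-word.document.macroEnabled.main+xml for .docm.
MACRO_ENABLED_MARKER = "macroEnabled"


def macro_indicators(data: bytes) -> dict:
    """Inspect one file given as bytes and return the macro-related findings.

    Legacy binary .doc files (OLE2, not ZIP) come back with is_ooxml False;
    they can carry macros too, but need an OLE parser such as oletools.
    """
    result = {"is_ooxml": False, "vba_parts": [],
              "declares_vba": False, "macro_enabled_main_part": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a ZIP, but not an Office Open XML package
        result["is_ooxml"] = True
        result["vba_parts"] = [n for n in names
                               if n.lower().endswith("vbaproject.bin")]
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["declares_vba"] = VBA_CONTENT_TYPE in ctypes
        result["macro_enabled_main_part"] = MACRO_ENABLED_MARKER in ctypes
    return result


def has_macros(data: bytes) -> bool:
    """True if either the VBA part or its content-type declaration is present.

    Either indicator alone is enough to quarantine: a document that needs the
    recipient to click "Enable Content" has no business in a job application.
    """
    r = macro_indicators(data)
    return bool(r["vba_parts"]) or r["declares_vba"]


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory for demonstration.

    Constructed stand-in, not the real Lazarus lure; the vbaProject.bin
    content is a placeholder, not actual VBA.
    """
    if with_macro:
        main_type = "application/vnd.ms-word.document.macroEnabled.main+xml"
        vba_override = ('<Override PartName="/word/vbaProject.bin" '
                        'ContentType="%s"/>' % VBA_CONTENT_TYPE)
    else:
        main_type = ("application/vnd.openxmlformats-officedocument."
                     "wordprocessingml.document.main+xml")
        vba_override = ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="%s"/>%s'
        '</Types>' % (main_type, vba_override))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml",
                    "<w:document>Your data is protected under GDPR</w:document>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure.docm", build_sample(True)),
                        ("cv.docx", build_sample(False))):
        print(label, "macros:", has_macros(blob), macro_indicators(blob))
```

A clean result here only says the package itself contains no VBA project. It does not cover the legacy OLE2 .doc format, and it will not flag a macro-free document that loads a remote template carrying the macros, so treat it as one filter in front of the human decision, not a replacement for it.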

Despite the sophistication of the attack, there is one common, non-technical element that determines whether this campaign works or not – the human.

The success or failure of this attack rests solely with the sysadmin; if they don’t fall for the macro enabling and realize this is probably a scam, the whole thing falls apart.

This is why I recommend that everyone, from the mailroom to the CEO's office, take Security Awareness Training to educate employees on the tactics that are not just commonly used but often required for a phishing attack to succeed (such as enabling macros), so that the employee's own internal red flags are raised and attacks like this one from Lazarus are stopped in their tracks.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

