The North Korean hacker collective known as the Lazarus Group has been identified by cybersecurity firm SlowMist as using LinkedIn to impersonate executives from the blockchain asset management company Fenbushi Capital. This strategy is part of a broader scheme to execute phishing attacks against blockchain industry professionals.
According to SlowMist, the hackers have created a fraudulent LinkedIn account under the name “Nevil Bolson,” claiming to be a founding partner of Fenbushi. The profile uses the image of a legitimate Fenbushi partner to make it look credible and deceive LinkedIn users.
The fraudulent activities have escalated recently, with Lazarus focusing on employees who have a background in cryptocurrency, using the social platform as the main channel for their malicious activities.
SlowMist’s findings also reveal that the group has been involved in moving $12 million in Ethereum through Tornado Cash, a noted cryptocurrency mixer, as part of its financial maneuvers.
Lazarus targets significant decentralized finance (DeFi) projects, using the crafted identity to insert malicious links that appear as legitimate business inquiries or event invitations. When clicked, these links initiate phishing attacks, posing a serious threat to data security and financial integrity in the blockchain sector.