Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages

Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages

The North Korean-linked APT’s latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.

The North Korean-linked APT’s latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages.

Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets’ personal LinkedIn accounts. The goal of the campaign appears to be financially motivated, with the attackers harvesting credentials necessary for accessing cryptocurrency wallets or online bank accounts.

“Lazarus Group’s activities are a continued threat: the phishing campaign associated with this attack has been observed continuing into 2020, raising the need for awareness and ongoing vigilance amongst organizations operating in the targeted verticals,” said researchers with F-Secure in a Tuesday post [PDF].

hacks web security apt hack phishing security

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Microsoft Exchange, Outlook Under Siege By APTs

A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.

Best Custom Web & Mobile App Development Company

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. ... The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.

Amazon-Themed Phishing Campaigns Swim Past Security Checks

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Unsecured Microsoft Bing Server Leaked Search Queries, Location Data

Data exposed included search terms, location coordinates, and device information – but no personal data.