Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks - #Lazarus
The Lazarus Group, a North Korean state-sponsored cyber threat actor, has escalated its activities in the cryptocurrency sector, employing sophisticated tactics to steal billions in digital assets. Their recent campaigns, including 'ClickFake Interview' and malicious npm package distribution, target both technical and non-technical professionals in the industry. Using social engineering, fake job interviews, and supply chain attacks, they deploy malware such as GolangGhost and BeaverTail to infiltrate systems and steal sensitive data. The group's success, evidenced by the $1.5 billion theft from Bybit, has positioned North Korea as the third-largest state holder of Bitcoin. As Lazarus evolves into a complex network of specialized sub-groups, cybersecurity experts stress the importance of refined attribution methodologies and preventive measures to combat these increasingly sophisticated threats.