<p>Date: 2024-04-29</p>
<p><span style="font-weight: 400;">The North Korea-backed cyber-hacker entity Lazarus Group is targeting LinkedIn users by impersonating an executive member of Chinese blockchain asset management firm Fenbushi Capital, security firm SlowMist said Monday.</span></p>
<p><span style="font-weight: 400;">SlowMist’s chief information security officer posted a </span><span style="font-weight: 400;"><a href="https://twitter.com/im23pds/status/1784763866771320861?s=46&amp;t=yoL7WJcO9vZ3TjSE2j6FRQ">screenshot</a> on X</span><span style="font-weight: 400;"> that shows the scam LinkedIn user under the name “Nevil Bolson” who claimed to be the founding partner at Fenbushi. The impostor’s profile picture was taken from real Fenbushi Capital partner Remington Ong, according to 23pds.</span></p>
<p><span style="font-weight: 400;">The Block confirmed that Lazarus Group’s fake LinkedIn user page remains live at publication time. “Looking for Software developers. Please reach out to me for more discussion,” the impostor posted on LinkedIn three weeks ago.</span></p>
<p><span style="font-weight: 400;">“Lazarus would use this impostor to chat privately with their targets on LinkedIn, chatting in the name of investment, and then would say, ‘let’s set up a meeting,’” 23pds told The Block.</span></p>
<p><span style="font-weight: 400;">SlowMist </span><a href="https://slowmist.medium.com/analysis-of-north-korean-hackers-targeted-phishing-scams-on-telegram-872db3f7392b"><span style="font-weight: 400;">said</span></a><span style="font-weight: 400;"> in a blog post that Lazarus targets prominent DeFi projects, which is one of the reasons the hacker group poses as a member of an investment company. 
After the hackers gain the victim’s trust, Lazarus inserts malicious links that pose as a meeting link or an events page, which will launch a phishing attack when clicked.</span></p>
<p><span style="font-weight: 400;">The SlowMist CISO told The Block that they identified “Nevil Bolson” as a part of Lazarus by comparing IP addresses on top of using the same attack strategy.</span></p>
<p><span style="font-weight: 400;">North Korea’s state-backed crypto hacker groups earned the country around 50% of its foreign currency, a large share of which was reportedly used for developing weapons of mass destruction, </span><a href="https://www.theblock.co/post/283849/un-north-korea-hack-report"><span style="font-weight: 400;">according to</span></a><span style="font-weight: 400;"> the UN Security Council.</span></p>
<p><span style="font-weight: 400;">About </span><a href="https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/"><span style="font-weight: 400;">$1.7 billion worth of funds</span></a><span style="font-weight: 400;"> were stolen from the crypto space across 231 hacks, according to blockchain analytics firm Chainalysis.</span></p>