North Korea as a country is a complete mystery. No one knows what really goes on there. Their communist leader is revered as a god, and the people live in absolute tyranny. Refugees like Yeonmi Park tell stories that would make your hair stand on end. But even though most people there live in extreme poverty, North Korean hackers are revered as some of the best in the world. Their government places a significant emphasis on hacking as a profession, and for many people, the choice is to learn how to hack or starve to death. Most of them choose the former.
How do they target job seekers?
Lazarus is one of the most famous hacker groups in the world. Over the past couple of years, they’ve been targeting professionals on LinkedIn, disguised as HR staff, working for fake companies. With the massive rise of crypto during the same time, they’ve stolen billions of dollars.
Their newest operation started back in 2020, and we’re seeing the results now. They used social engineering tactics for two years to establish an online presence and lured military and aerospace personnel with fake job offers.
In “Operation In(ter)ception”, they pretended to work for Coinbase, one of the world’s largest crypto exchanges. An unsuspecting victim would get a message on LinkedIn stating that they’re a perfect fit for a new role with excellent starting pay and amazing benefits. At the start, everything seems pretty normal. They go through an interview process, and then the hackers send three files. One is a PDF file, another is an executable, and the third one is a downloader.
In reality, the PDF file is a decoy for an executable that launches the app and the downloader. At that moment, the device becomes compromised, and the hackers can retrieve payloads and information from anywhere in the world.
What’s even worse about it is that it isn’t limited to macOS. Now, they’ve created a version for Windows, and people will fall for it even more.
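The decoy described above works because the file name says "document" while the content is a program. The following check is an added example, not code from the article or from the campaign: it compares a file's extension with its leading magic bytes and flags a "PDF" that is really a Mach-O or Windows PE executable. The function names, suffix lists and sample file names are assumptions made for illustration.

```python
from pathlib import PurePath

# Leading magic bytes of common executable formats.
EXECUTABLE_MAGICS = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary (or Java class)",
}
# Illustrative suffix lists (assumptions, not exhaustive).
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".rtf"}
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".app", ".command", ".pkg"}


def executable_format(head: bytes):
    """Return the executable format whose magic starts `head`, or None."""
    for magic, name in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            return name
    return None


def check_attachment(filename: str, head: bytes) -> str:
    """Compare what the name claims with what the first bytes say."""
    suffixes = [s.strip().lower() for s in PurePath(filename).suffixes]
    fmt = executable_format(head)
    claims_document = any(s in DOCUMENT_SUFFIXES for s in suffixes)
    if fmt and claims_document:
        return f"BLOCK: named like a document but content is {fmt}"
    if claims_document and suffixes[-1] in EXECUTABLE_SUFFIXES:
        return "BLOCK: document name hides an executable extension"
    if fmt:
        return f"WARN: executable content ({fmt})"
    if suffixes and suffixes[-1] == ".pdf" and b"%PDF-" not in head[:1024]:
        return "WARN: .pdf extension without a PDF header"
    return "OK"


def check_file(path: str) -> str:
    """Read the first KiB of a downloaded file and classify it."""
    with open(path, "rb") as fh:
        return check_attachment(PurePath(path).name, fh.read(1024))
```

A matching header only shows the file is the type it claims to be; a genuine PDF still needs a malware scan before it is opened.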
Is this the first time that North Korea has struck?
Earlier this year, the same hacker group stole over $600 million from the popular play-to-earn game Axie Infinity. They used the same tactic, which worked on a senior software developer trained to avoid phishing scams. The social engineering that Lazarus uses is outstanding. Even trained professionals can’t distinguish what’s real and what’s fake.
The former employee downloaded a PDF file, and through his device, the hackers could take control of 4 out of the 9 nodes that validate transactions. Silently, they sent 620 million dollars to their address, and the company didn’t realize that there was something wrong for almost a week.
How can you protect yourself?
Don’t download files from strangers! It doesn’t matter if it’s LinkedIn, Facebook, Instagram, or email. You never know what could be inside. Hackers have created something that’s called a drive-by download.
A drive-by download can install malware on your device without permission, just as long as you click a link. The file will be invisible, and the malware it installs will ask a simple yes or no question disguised as a system update. All it needs is a click. The option doesn’t matter. Because of this, it’s essential to double and triple-check whether the file you’re downloading is safe.
One of the things that can keep you safe is a VPN that works as an ad blocker as well. It’s the newest feature in the VPN industry that makes them a pioneer in the sector. With this feature active, every website you visit is checked to see whether it’s real or has something fishy in the code.
Not only that, but all of the files you download will be scanned for malware. This means that even if you mistakenly click on something and a drive-by download starts, this software will stop it in its tracks. Finally, Threat Protection blocks all cookies and ads, making you less targetable and ensuring that you’re browsing the web safely.
Of course, if you purposefully share personal information and have a weak password, all of the protection in the world won’t be useful. You need to learn about the best cybersecurity practices and implement them whenever you browse the net for maximum protection.