Lazarus Group Uses LinkedIn to Social Engineer Security Researchers


Overt Operator & Quinten Epting
March 14, 2023

Lazarus, a North Korean APT group (also known as 'UNC290'), has been using LinkedIn to conduct social engineering attacks since June 2022. These attacks have primarily targeted security researchers. To gain the trust of potential targets, the group impersonates legitimate recruiters and then persuades them to communicate via email or WhatsApp.
Three new code families, Touchmove, Sideshow, and Touchshift, have been delivered as a result of these attacks via a malware dropper.
A threat actor can abuse LinkedIn by linking their profile to a reputable business without first getting permission from the company. This makes targeted spearphishing campaigns extremely simple for attackers.
Key Points:
The APT group Lazarus is using LinkedIn as a method of targeting security researchers
Attacks started against a U.S.-based tech company
Users should be cautious about who they connect with on LinkedIn and verify the identity of the person before accepting their request