Lazarus Group Uses LinkedIn to Social Engineer Security Researchers

Lazarus, a North Korean APT group (also known as 'UNC290'), has been using LinkedIn to conduct social engineering attacks since June 2022. These attacks have primarily targeted security researchers. To gain the trust of potential targets, the group impersonates legitimate recruiters and then persuades the targets to communicate via email or WhatsApp.

Touchmove, Sideshow, and Touchshift are three new code families that have been delivered through these attacks via a malware dropper.

A threat actor can exploit LinkedIn by linking their profile to a reputable business without first getting permission from that company. This makes targeted spearphishing campaigns extremely simple for attackers.

Key Points:

  • The APT group Lazarus is utilizing LinkedIn as a method of targeting security researchers

  • Attacks started against a U.S.-based tech company

  • Users should be cautious about who they connect with on LinkedIn and verify the identity of the person before accepting their request
