Crypto Hacking Group Lazarus Impersonates Fenbushi Capital Exec: Report

Published: Apr 29, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

North Korea-backed cyber-hacker group, Lazarus, has been actively targeting LinkedIn users by impersonating a senior executive of Chinese blockchain asset management firm Fenbushi Capital, according to a recent report by security firm SlowMist.

The hacker group’s latest social engineering tactics involve creating fake LinkedIn profiles to gain the trust of potential victims before launching phishing attacks.

Key points:

  • Lazarus Group created a fake LinkedIn profile under the name “Nevil Bolson,” claiming to be the founding partner at Fenbushi Capital.
  • The impostor’s profile photo was obtained from Remington Ong, a legitimate Fenbushi Capital partner.
  • The fake LinkedIn user page remains live, with a post seeking software developers for a discussion.
  • Lazarus Group uses the impostor profile to chat privately with targets, discussing investments before suggesting a meeting.
  • The hackers insert malicious links disguised as meeting links or event pages, which launch phishing attacks when clicked.
  • SlowMist identified “Nevil Bolson” as part of Lazarus by comparing IP addresses and analyzing the attack strategy.

SlowMist officer revealed the Lazarus group scam on X

SlowMist’s chief information security officer, known as 23pds, shared a screenshot on X revealing the scam LinkedIn user’s profile.

The security firm’s blog post further elaborated on Lazarus Group’s tactics. The blog stated that the hackers primarily target prominent DeFi projects. This explains why they pretend to be members of investment companies.

By gaining the victim’s trust through private conversations, Lazarus Group eventually shares malicious links that appear to be meeting links or event pages. When clicked, these links launch a phishing attack, potentially compromising the victim’s sensitive information or funds.

SlowMist’s CISO confirmed to The Block that they identified “Nevil Bolson” as a part of Lazarus by comparing IP addresses and analyzing the attack strategy, which aligns with the group’s known tactics.

The Lazarus Group’s activities have been a significant concern for the cryptocurrency industry, as North Korea relies heavily on state-backed crypto hacker groups to generate foreign currency.

Blockchain analytics firm Chainalysis reports that Lazarus Group and other North Korean hacker groups have stolen $1.7 billion worth of funds from the crypto space across 231 hacks.

The latest revelation of Lazarus Group’s social engineering tactics on LinkedIn serves as a stark reminder of the importance of vigilance and caution when engaging with unknown individuals or entities.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.
