Lazarus Group, a notorious hacking collective believed to be funded by North Korea’s government, is now shifting its focus to target software developers and freelancers through malware campaigns. Their strategy is straightforward: they aim to deceive victims and infiltrate their company networks. For freelancers, the situation is different, as Lazarus hackers are using malicious software to turn infected devices into part of a botnet.
In both scenarios, Lazarus benefits by extracting money from the victims, which in turn supports North Korea’s ongoing efforts to fund its leader Kim Jong-un’s nuclear ambitions.
The group’s method is clear: they begin by sending fake recruitment emails via LinkedIn or other job portals to software developers. These emails direct victims to platforms like GitLab Repositories, disguised as web coding or cryptocurrency blockchain projects, which in reality deliver malware.
So far, the campaign, dubbed “Pay99,” has primarily targeted countries such as Argentina, Brazil, Egypt, France, Germany, India, Indonesia, Mexico, Pakistan, the Philippines, and the UK. However, it is likely that the campaign will soon extend to other regions, including Australia, the United States, and Canada.
North Korea has been engaged in such cyber activities for years, as they provide a financial lifeline to the country, which is under significant international sanctions. The nation’s citizens, under the strict rule of Kim Jong-un, do not question the leader’s actions. Kim has been known to launch cyberattacks to steal cryptocurrencies, particularly Bitcoin, which recently surpassed $90,000 per unit.
By utilizing these cyberattacks, North Korea is generating substantial income to sustain its military and economic needs, all while evading the impact of international sanctions.
One notable attack involves a fake recruitment email campaign, where profiles are generated by artificial intelligence. These profiles appear highly realistic, making it difficult for recipients to recognize the threat.
