Cybersecurity News that Matters

Cybersecurity News that Matters

North Korean hackers target LinkedIn users with fake Chinese profile

Designed by Areum Hwang, The Readable

by Kuksung Nam

Apr. 30, 2024
9:05 PM GMT+9

A North Korean hacking group allegedly disguised itself as a Chinese investor on a social media platform, employing this guise to lure victims into engaging with phishing attacks.

According to the blockchain security firm SlowMist, the Lazarus group allegedly crafted a fraudulent account on LinkedIn named “Nevil Bolson.” Purporting to be an investor and entrepreneur, the user represented himself as a founding partner at the Chinese venture capital firm “Fenbushi Capital.” The imposter replicated the legitimate profile of a Fenbushi Capital partner, making minor alterations to the description section and even using an identical profile photo to enhance its appearance of legitimacy.

The fake LinkedIn profile created by the Lazarus group. Source: SlowMist

SlowMist’s Chief Information Security Officer emphasized that LinkedIn served as a crucial tool for the North Korean hacking group to orchestrate phishing attacks against their targets. In an email statement dated April 30, the CISO highlighted that the hackers leveraged the bogus profile to discreetly engage their victims in conversation, often by discussing investment opportunities. Once they captured the users’ interest, the hackers arranged online meetings where unsuspecting targets were duped into downloading malicious code.

On April 24, the CISO additionally revealed details about the Lazarus group’s maneuvers on the business-oriented online platform. Through their account, dubbed X, the CISO disclosed that the North Korean hacking group targeted human resources personnel via LinkedIn, posing as job seekers skilled in coding. The malicious actors shared code samples to showcase their proficiency and encouraged their victims to execute them. Through this tactic, the CISO remarked, they aimed to “acquire employee privileges or assets through malware.”

The South Korean intelligence agency has sounded the alarm regarding the North Korean hacking group’s social engineering attack. In collaboration with their counterpart, the Federal Office for the Protection of the Constitution (BfV) of Germany, they issued a joint security advisory last February. “We believe that the Lazarus group has been employing social engineering tactics to infiltrate the defense industry since mid-2020,” stated the National Intelligence Service (NIS) in a press release.

As per the NIS report, the Lazarus group adopted the guise of recruiters on social media platforms like LinkedIn, specifically targeting individuals within the defense industry. Their strategy centered on building trust with potential victims. Under the pretext of offering career advice or consultation, the hackers directed their targets to alternative platforms like Telegram, where they were persuaded to download malicious code. “We believe that the Lazarus group has been utilizing social engineering tactics to infiltrate the defense industry since mid-2020,” the NIS emphasized.


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Kuksung Nam
    : Author

    Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights