Cryptocurrency industry workers have been targeted by North Korean threat actors using job lures on LinkedIn to compromise them with the RustDoor malware, according to The Hacker News.
In the social engineering attacks, the North Korean hackers spoofed a recruiter for decentralized cryptocurrency exchange STON.fi on LinkedIn to lure targets into downloading a malicious Visual Studio project. The project is claimed to be part of a coding challenge but downloads RustDoor via the "VisualStudioHelper" and "zsh_env" second-stage payloads, which function as backdoors but communicate with separate command-and-control servers, a Jamf Threat Labs report showed. Such findings should prompt increased employee training and vigilance on cybersecurity threats across the cryptocurrency sector amid increasingly sophisticated techniques leveraged by threat actors.
"These social engineering schemes performed by the DPRK come from those who are well-versed in English and enter the conversation having well researched their target," said Jamf Threat Labs researchers.