Lazarus Group Targets Crypto Firms with Novel Social Engineering Scheme

The North Korean-linked Lazarus Group is employing a new social engineering tactic to infiltrate cryptocurrency firms. According to SlowMist's CISO, 23pds, the group sends victims cryptocurrency payments to gain trust before deploying malicious code. This approach, unlike traditional cyberattacks, manipulates human behavior, targeting employees via GitHub and chat tools. In 2024, North Korean hackers stole $1.34 billion from the crypto sector, a 103% increase from 2023. Crypto firms are urged to strengthen internal security and train employees to recognize these deceptive tactics.