Lazarus Lures Victims with Coinbase Job Themes

Industry: Technology | Level: Strategic | Source: BleepingComputer

North Korean threat group, Lazarus’s latest phishing campaign attempts to lure victims with job opportunities at Coinbase. Sample phishing documents were discovered by Hossein Jazi, a threat intel researcher at Malwarebytes revealing Lazarus is attempting to target victims seeking positions in "Engineering  Management" or "Product Security." Victims who tried to download the PDF for the job description details, obtain an executable file masquerading as the PDF. The threat actors utilize GitHub for its command and control. As shared by Jazi to BleepingComputer "Lazarus follows similar tactics and methods to infect their targets with malware, and the individual phishing campaigns feature infrastructure overlaps." Lazarus has frequently targeted victims with themes of lucrative job opportunities at well-established companies such as Boeing, BAE, General Dynamics, and Lockheed Martin. Researchers from ClearSky tracked an operation from June 2020 to August 2020, with Lazarus targeting companies in government and defense labeling the campaign operation "Dream Job."

‍