Cryptocurrency industry workers have been targeted by North Korean threat actors using job lures on LinkedIn to deliver the RustDoor malware, according to The Hacker News.
In the social-engineering attacks, the North Korean hackers spoofed a recruiter for the decentralized cryptocurrency exchange STON.fi on LinkedIn to lure targets into downloading a malicious Visual Studio project. The project, claimed to be part of a coding challenge, instead downloads RustDoor via the "VisualStudioHelper" and "zsh_env" second-stage payloads, which both function as backdoors but communicate with separate command-and-control servers, a Jamf Threat Labs report showed.
Such findings should prompt increased employee training and vigilance on cybersecurity threats across the cryptocurrency sector amid increasingly sophisticated techniques leveraged by threat actors. "These social-engineering schemes performed by the DPRK come from those who are well-versed in English and enter the conversation having well researched their target," said Jamf Threat Labs researchers.