North Korean hacker group Lazarus is using LinkedIn to target vulnerable users and steal their assets via targeted malware attacks.

The incident came to light after blockchain security analytics firm SlowMist revealed that Lazarus group hackers are pretending to look for jobs as blockchain developers in the cryptocurrency industry through LinkedIn.

SlowMist claimed hackers steal confidential employee credentials after inviting access to their repository to run relevant code. The code snippets the hacker runs contain malicious code that steals confidential information and assets.

Using LinkedIn for targeted attacks is not a new method, and the North Korean hacker group used a similar tactic in December 2023, posing as a fake Meta recruiter.

After contacting victims via LinkedIn, the fake recruiter requested that the targeted “applicants” download two coding challenges as part of the hiring procedure. These two coding files contained malware, and when they were run on a work computer, they released a Trojan that allowed remote access.

Lazarus has stolen over $3 billion in crypto assets. It is among the most notorious and organized hacking groups that first surfaced in 2009 and continues to target crypto firms despite numerous sanctions against i.

Lazarus is known for using innovative ways to target and steal funds. In August 2023, the group used fake job interviews to steal $37 million from crypto payment firm CoinPaid. The hackers attempted to infiltrate CoinsPaid infrastructure by targeting individuals through fake high-salary job offers.

Related: US Treasury sanctions crypto mixer Sinbad, alleging North Korea ties

The group has been behind some of the biggest heists in the crypto industry. The 2022 Ronin Bridge hack is its biggest, with $625 million stolen.

The hacker group often uses crypto mixing services to launder its stolen funds back to North Korea, which, according to many reports, are used to fund the country’s military operations.

Although crypto firms are often the target of hacker groups, the decentralized nature of blockchain makes it difficult for them to move their funds. Once identified, they are often tracked and blocked with the help of crypto platforms.

In February 2023, Huobi and Binance froze $1.4 million worth of crypto assets linked to North Korea. Similarly, $63 million worth of assets linked to the Harmony Bridge hack was also frozen by crypto exchanges.

Magazine: Deposit risk: What do crypto exchanges really do with your money?