Specifically, in what is the latest variant of a hacking campaign dubbed ‘Operation In(ter)ception,’ the hackers have been luring macOS users with enticing job offers at crypto exchange Crypto.com, the cybersecurity company SentinelOne said on September 26.
How the attacks were carried out
In the orchestrated attack, the hackers have disguised malware as job postings from the popular crypto exchanges, using well-designed and legit-looking decoy PDF documents advertising vacancies for positions such as Art Director – Concept Art (NFT) in Singapore. Detailing the hacker campaign, SentinelOne said that: According to the company’s report, the group has done the same thing back in August 2022, but this time using the fake job postings at the Coinbase crypto exchange, as spotted by researchers at another cybersecurity firm – ESET.
Malicious history of the Lazarus Group
Since 2020, the Lazarus Group has been connected with a number of enticing job offerings used to lure in their victims, including in aerospace and defense industries, in a campaign referred to as ‘Operation Dream Job’ where the primary targets were Windows users. The group has also been involved in multiple thefts in the crypto industry, including the attack on Harmony network’s Horizon bridge in June, which forced the blockchain company to mint over 2 billion ONE tokens in an effort to compensate about 65,000 victims of the $100 million hack. Meanwhile, the mixing service Tornado Cash has been implicated in the scandal in which the United States Treasury Department alleged that it was used by multiple hacker groups, including the Lazarus Group, to launder stolen assets, as Finbold reported.
