September 29, 2020

North Korean hackers use European privacy laws to hide malicious code

Lazarus Group suspected of a social engineering attack that uses GDPR notice on fake job offer sent via LinkedIn

In a new twist on social engineering attacks with fake job offers, hackers linked to North Korea’s Lazarus Group used the pretense of European data protection laws to gain access to targeted computers, cybersecurity firm F-Secure warned in a report published on Tuesday. 

While recent Lazarus campaigns aimed to break into defense and aerospace companies, the attack described by F-Secure specifically targeted organizations in the cryptocurrency industry.