In a recent development, cybersecurity experts have identified a new modus operandi used by Sapphire Sleet, a member of the notorious Lazarus Group. Known for its involvement in cryptocurrency thefts through scams and phishing attempts, Sapphire Sleet has taken a novel approach targeting LinkedIn users.

Previously, the group would initiate contact with their victims through various lures related to skills assessments. However, Microsoft reports that Sapphire Sleet has now established fake skills testing sites and recruiting portals, impersonating legitimate platforms. These fraudulent websites require unsuspecting users to create accounts, providing an opportunity for hackers to gather sensitive personal information and login credentials.

Microsoft has already taken action to counter these malicious activities by blocking numerous domains associated with Sapphire Sleet’s operations. These domains, many of which are password-protected to avoid detection and analysis, are now flagged by Microsoft Defender SmartScreen and Network Protection.

The shift to fake skills assessment portals suggests that Sapphire Sleet is adapting their tactics due to the increased detection and takedown of their previous malicious attachments and links. By specifically targeting LinkedIn users based on their expertise and experience, the group aims to lure potential victims into believing they are participating in legitimate skills tests.

In response to this emerging threat, Microsoft advises LinkedIn users, particularly those in IT and recruiting roles, to exercise caution when receiving unsolicited messages containing links or skill assessment offers. It is crucial for users to verify the authenticity of any websites before sharing login credentials or sensitive information.

The Lazarus Group, also known as Hidden Cobra, gained notoriety in 2014 when it orchestrated a cyberattack on Sony Pictures in response to the film “The Interview.” This group is believed to have strong connections with the North Korean government, and it later shifted its focus towards cryptocurrency thefts. In 2021 alone, the group is estimated to have stolen approximately $400 million in various cryptocurrencies.

Furthermore, the Lazarus Group was responsible for the Ronin hack in March 2022, resulting in the theft of over $600 million in Ethereum and USDC stablecoins.

