Tag Archives: APT38

Beware of Fake Job Ads.

There seems to be a significant increase in incidents resulting from fake job postings. It seems that the widespread use of remote work after Covid has an effect on this. These fake ads – job scams – often manage to attract employees with remote working conditions and high salaries.

Job Scams

Lastly, North Korean APT38 (aka Lazarus) group targeted employees with fake job posting emails. The attackers were impersonating the Coinbase company and their emails appeared to be coming from Coinbase. Coinbase is one of the world’s biggest and most popular cryptocurrency exchanges.

Subject: BITCOIN JOB OPPORTUNITY 

Not familiar with BITCOIN? Then this is an opportunity for you to learn & make money. COINBASE  COMPANY ( A secure platform that makes it easy to buy, sell, and store cryptocurrency like Bitcoin, Ethereum)  seek INDIVIDUALS who can VISIT at least “one” BITCOIN ATM every week for survey.  
Weekly pay is $350. No specific time required as long as work is completed in a timely manner. 
For more information’s, Please Email Coordinator Brian at (external email address) for more information 
NOTE: Candidates should email (only) with their PERSONAL EMAIL Address for consideration. 
Sincerely,

How is it working?

What you see above is an example of an email sent by the North Korean group under the name Coinbase. Attackers firstly create fake job postings on LinkedIn and fake websites exactly the same of the original website and directs victims to these fake websites via LinkedIn and emails. When the victim gets an email after applying the job in the fake website. These emails may contain harmful files or sometimes attackers go on with social engineering with having job interviews with the victims.

Also, fake SMS is another common method. Attackers are sending SMS that appears to be from HR managers of companies.