North Korean Hackers Lazarus Group Use Facebook to Hunt Victims

north korea hackers facebook profile
Fake Facebook profiles are being used by North Korean hackers to form relationships with potential targets. Valentin Flauraud/ Reuters

A notorious North Korean hacking group is using fake Facebook profiles to hunt for potential victims, the social network has warned.

The covert campaign by hackers from the state-sponsored Lazarus Group was revealed on the same day that the U.S. government publicly blamed North Korea for the WannaCry ransomware attacks earlier this year.

"Last week, Facebook, Microsoft, and other members of the security community took joint action to disrupt the activities of a persistent, advanced threat group commonly referred to as ZINC, or the Lazarus Group," Facebook said in a statement on Tuesday, December 19.

"We deleted accounts operated by this group to make it harder for them to conduct their activities."

According to the social network, the Lazarus Group hackers used personal profiles to pose as other people in order to develop relationships with potential targets.

These exchanges may have allowed the hackers to trick Facebook users into installing malware that would allow them to hijack victims' computers.

"The Lazarus Group is a sophisticated, state-sponsored APT [Advanced Persistent Threat] group with a long history of successful destructive, disruptive, and costly attacks on worldwide targets," Patrick Wheeler, director of threat intelligence at security firm Proofpoint, said in an emailed comment to Newsweek. "State-sponsored groups are generally focussed on espionage and disruption."

lazarus group facebook profiles hackers
A collage of profile pictures makes up a wall in the break room at the new Facebook Data Center on April 19, 2012 in Forest City, North Carolina. Rainier Ehrhardt/Getty Images

North Korean hackers were recently blamed for the bankruptcy of a bitcoin exchange following cyber thefts that resulted in the loss of more than $72 million worth of bitcoins.

According to research from ProofPoint published Tuesday, the Lazarus Group was behind a number of other sophisticated cyberattacks on individuals and corporations targeting cryptocurrency exchange credentials.

In order to counter the threat posed by the Lazarus group, Microsoft has disabled accounts that it suspected to be linked to the hackers.

"If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them," Brad Smith, Microsoft's president and chief legal officer, said in a statement.

"As we look to 2018, it's essential that we act with shared responsibility to strengthen further the partnerships with the security community and governments to combat cyberattacks against civilians."

Read more: China accused of using LinkedIn to spy on West

Smith added that Microsoft would continue to work with Interpol, Europol, the FBI and other law enforcement agencies to combat cybercrime.

Facebook said it is working to raise awareness of the issue among its users and will continue to collaborate with other companies to counteract the threat.

"We also notified people who may have been in contact with these accounts and gave suggestions to enhance their account security, as we have done in the past about other threat groups," Facebook said.