North Korean Hackers Shift Tactics to Target Crypto Firms

BeInCrypto, 2024/11/08 04:19
By: Lockridge Okoth

North Korean hackers are using phishing emails in a new campaign targeting cryptocurrency firms, bypassing security protocols to deliver malware.

North Korean hackers have shifted their methods in an escalation of their cyber warfare tactics. They now employ phishing emails as a primary tool to target cryptocurrency firms.

A recent report by cybersecurity research firm SentinelLabs linked this shift to BlueNoroff, a notorious subgroup within the Lazarus Group.

North Korean Hackers Pivot to Phishing in ‘Hidden Risk’ Campaign

BlueNoroff is known for extensive cybercrime aimed at funding North Korea’s nuclear and weapons programs. The new campaign, dubbed ‘Hidden Risk,’ reveals a strategic pivot from social media grooming to more direct, email-based infiltration.

Hackers have intensified their efforts in the ‘Hidden Risk’ campaign by using highly targeted phishing emails. Disguised as crypto news alerts on Bitcoin prices or updates on decentralized finance (DeFi) trends, these emails lure recipients into clicking on seemingly legitimate links. Once clicked, these links deliver malware-laden applications to users’ devices, giving attackers direct access to sensitive corporate data.

“The campaign, which we dubbed ‘Hidden Risk’, uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file,” the report read.

The malware in the ‘Hidden Risk’ campaign is notably sophisticated, effectively bypassing Apple’s built-in security protocols. Signed with legitimate Apple Developer IDs, it passes macOS’s Gatekeeper checks, which has sparked significant concern among cybersecurity experts.

North Korean hackers have traditionally relied on elaborate social media grooming to establish trust with employees at crypto and financial firms. By engaging with targets on platforms like LinkedIn and Twitter, they create the illusion of legitimate professional relationships. While effective, this patient method is time-consuming, prompting a shift towards quicker, malware-based tactics.

North Korea’s hacking activities have intensified as the cryptocurrency sector continues to grow. Currently valued at over $2.6 trillion, the crypto space is an attractive target for North Korean state-sponsored hackers. SentinelLabs’ report highlights how this environment is particularly susceptible to cyber-attacks, making it a lucrative hunting ground for Lazarus.

A Growing Threat to the Crypto Industry

According to a recent FBI warning, North Korean hackers have been focusing on DeFi and exchange-traded fund (ETF) firms. They leverage social engineering and phishing campaigns aimed directly at employees within these sectors. The warnings have urged firms to bolster their security protocols and have particularly advised on the need to cross-check client wallet addresses against known hacker-linked addresses.

BeInCrypto also reported how the Lazarus Group has learned to circumvent Western sanctions. The group exploited loopholes in international regulations to facilitate crypto-based money laundering. A notable step in this timeline was the use of the RailGun privacy protocol, which provides anonymous transactions on the Ethereum blockchain.

The US government has not been passive in response to North Korea’s escalated cyber campaigns. The Treasury Department sanctioned crypto mixing service Tornado Cash, citing its role in aiding North Korean hackers in obscuring illicit transactions. Tornado Cash, similar to RailGun, allows users to anonymize cryptocurrency movements, providing hackers with a powerful tool to cover their tracks.

The sanctions were part of a broader crackdown, highlighting how North Korea’s crypto-related activities are becoming a significant point of focus for Western governments. The timing of these sanctions aligns with North Korea’s intensified activities in the crypto sector, especially through Lazarus.

Given the sophistication of the new ‘Hidden Risk’ campaign, SentinelLabs advises macOS users and organizations, particularly those involved in cryptocurrency, to heighten security measures. They recommend that companies conduct thorough malware scans, cross-check developer signatures, and avoid downloading attachments from unsolicited emails.

These proactive steps are essential to safeguard against increasingly complex malware designed to stay hidden within systems.
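As an added example (not code from the article, BeInCrypto or SentinelLabs), a small POSIX shell triage script for two of the checks recommended above: confirm that a file received as a “PDF” really is a PDF rather than a Mach-O executable or an .app bundle, and, on macOS, read the Team ID out of the code signature so it can be compared against the vendors you actually expect. The sample file names are constructed; the `codesign` call only runs where macOS provides it.

```shell
#!/bin/sh
# Added example, not from the article: triage a file that arrived as a
# "PDF" attachment before anyone double-clicks it. A genuine PDF starts
# with the bytes "%PDF"; a Mach-O executable starts with a magic number
# (on disk, little-endian: CF FA ED FE for 64-bit, CE FA ED FE for 32-bit,
# CA FE BA BE for a fat/universal binary); an .app bundle is a directory.

# Prints one of: pdf | macho | bundle | other
classify_pdf_claim() {
    if [ -d "$1" ]; then
        echo bundle
        return 0
    fi
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        25504446)                                     echo pdf ;;
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe) echo macho ;;
        *)                                            echo other ;;
    esac
}

# On macOS, print the Team ID from the code signature so it can be compared
# with expected vendors; a valid Developer ID signature is a specific
# identity, not a guarantee of good intent. Prints "unavailable" where
# codesign does not exist, so the script also runs on Linux.
signing_team_id() {
    if ! command -v codesign >/dev/null 2>&1; then
        echo unavailable
        return 0
    fi
    codesign -dv --verbose=4 "$1" 2>&1 | sed -n 's/^TeamIdentifier=//p'
}

# Constructed samples (hypothetical names): a real PDF header, a file
# carrying the 64-bit Mach-O magic, and an empty app bundle whose name
# ends in ".pdf.app" to mimic the disguise the article describes.
make_samples() {
    dir=$(mktemp -d)
    printf '%%PDF-1.7\n' > "$dir/market_update.pdf"
    printf '\317\372\355\376' > "$dir/market_update.pdf.bin"   # CF FA ED FE
    mkdir -p "$dir/market_update.pdf.app/Contents/MacOS"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/market_update.pdf "$samples"/market_update.pdf.bin "$samples"/market_update.pdf.app; do
    printf '%-7s team=%-12s %s\n' "$(classify_pdf_claim "$f")" "$(signing_team_id "$f")" "$f"
done
rm -rf "$samples"
```

On macOS, `spctl --assess --type execute -vv <path>` gives the Gatekeeper verdict for the same file; passing that check with an unfamiliar Developer ID is exactly the situation the article describes, so treat the Team ID as something to verify rather than trust.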
