North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • Potential hack for some Boeing planes fixed

    August 12, 2022

    A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday. Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered ...

  • Chinese hackers backdoor chat app with new Linux, macOS malware

    August 12, 2022

    Versions of a cross-platform instant messenger application focused on the Chinese market known as ‘MiMi’ have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems. SEKOIA’s Threat & Detection Research Team says that the app’s macOS 2.3.0 version has been backdoored for almost four ...

  • UK: Ransomware attack on NHS systems could take weeks to fix, major IT provider warns

    August 11, 2022

    A cyberattack that hit a major IT provider for the NHS and severely affected the 111 service involved ransomware and could take up to four weeks to fix, it has emerged. Advanced, which supplies vital systems for the NHS, said it suffered a cyber breach around 7am on 4 August which has now been contained. The attack ...

  • Cisco admits corporate network compromised by gang with links to Lapsus$

    August 11, 2022

    Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee’s personal Google account was compromised – an act a ransomware gang named “Yanluowang” has now claimed as its work. The world’s largest networking vendor disclosed the months-old compromise after a list of files accessed during the incident appeared on ...

  • #StopRansomware: Zeppelin Ransomware

    August 11, 2022

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022. The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section ...

  • Automotive supplier breached by 3 ransomware gangs in 2 weeks

    August 10, 2022

    An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach ...