The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.
North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
February 28, 2022
New research by the Symantec Threat Hunter team, part of Broadcom Software, has uncovered a highly sophisticated piece of malware being used by China-linked threat actors, exhibiting technical complexity previously unseen by such actors. The malware appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets. There is strong ...
- Toyota supplier reports cyberattack that halts production across Japan
February 28, 2022
Toyota has shut down production at 14 of its plants in Japan after a supplier reported a cyberattack, according to a statement provided to Reuters and the Associated Press. Toyota did not respond to multiple requests for comment but said the outages were the result of a “supplier system failure.” Kojima Industries Corp, one of the ...
- Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store
February 28, 2022
Microsoft says it found a new malware package — which it calls “FoxBlade” — hours before Russia began its invasion of Ukraine on February 24. In a blog post, Microsoft president Brad Smith said it was coordinating its efforts to protect users in Ukraine with the Ukrainian government, the European Union, European nations, the US government, ...
- Ukraine security agencies warn of Ghostwriter threat activity, phishing campaigns
February 28, 2022
The Computer Emergency Response Team for Ukraine (CERT-UA) has warned of ongoing phishing and Ghostwriter activities attacking organizations in the country. On February 26, CERT-UA said it continues to track the movements of UNC1151/Ghostwriter, which is currently attacking targets in Ukraine, Poland, Belarus, and Russia. Ghostwriter is believed to be of Belarusian origin. According to the security ...
- SMS PVA Part 2: Underground Service for Cybercriminals
February 27, 2022
In part one, Trend Micro researchers extensively discussed SMS PVA and started investigating a particular service called ReceiveCode that our team first found on a Facebook advertisement. ReceiveCode offers users access to SMS code verification sent to mobile numbers that the company has in their storage. Customers simply need to sign up to their customer-facing portal, ...
- Nvidia probes cyberattack on internal systems
February 26, 2022
Nvidia is probing what may be a ransomware infection that caused outages within its internal network. The malware is said to have taken hold in the past two days, knocking down email and developer systems. The GPU giant continues to investigate. In a statement, an Nvidia spokesperson told The Register on Friday: “Our business and commercial activities continue uninterrupted. ...

