North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

    February 15, 2022

    There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. These types of services help circumvent the SMS verification mechanisms widely used by online platforms and services to ...

  • Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud

    February 15, 2022

    The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities disclosed last year, was targeted to ...

  • Ukraine: Websites of some banks and ministries are under a cyberattack

    February 15, 2022

    According to local media, hackers are now attacking a number of sites in Ukraine. Several banks and the website of the Ministry of Defense are under DDoS attack. “Ukrainska Pravda” citing sources in the Ukrainian government understands that a powerful DDoS attack affected Privatbank and Oschadbank banks, as well as the Ministry of Defense and the ...

  • Patch now: Adobe releases emergency fix for exploited Commerce,  Magento zero-day

    February 14, 2022

    Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. On February 13, the tech giant said that the vulnerability impacts Adobe Commerce and Magento Open Source, and according to the firm’s threat data, the security flaw is being weaponized “in very limited attacks targeting Adobe Commerce merchants.” Tracked as CVE-2022-24086, ...

  • Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

    February 11, 2022

    Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of 10 on the CVSS vulnerability-severity scale, according to Claroty’s Team82 research ...

  • Croatian phone carrier data breach impacts 200,000 clients

    February 11, 2022

    Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...