The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.
North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Indicators of Compromise Associated with LockBit 2.0 Ransomware
February 4, 2022
LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits. After compromising a victim ...
- Airport services firm Swissport reports ransomware incident
February 4, 2022
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said the ransomware attack targeted its IT infrastructure. The group behind the attack was not named. Also: Prosecutors investigating cyberattacks affecting multiple Belgian and Dutch ports “The attack has been largely contained, and we are working actively to fully resolve the ...
- Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed
February 4, 2022
Researchers have uncovered an active campaign exploiting a zero-day vulnerability in the Zimbra email platform. Zimbra is an email platform available under an open source license. According to the developer, the platform supports hundreds of millions of mailboxes located in 140 countries. On February 3, cybersecurity researchers from Volexity, Steven Adair and Thomas Lancaster, said the system ...
- What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?
February 3, 2022
A common scenario is one in which an attacker gains access to an internal network via a compromised workstation that has been infected with malware, invariably via a social engineering email attack. No enterprise is immune to this type of insider attack. We all, at some point, took the bait and clicked unsolicited links masquerading ...
- Codex Exposed: Helping Hackers in Training?
February 3, 2022
In June 2020, OpenAI released version 3 of its Generative Pre-trained Transformer (GPT-3), a natural language transformer that took the tech world by storm with its uncanny ability to generate text seemingly written by humans. But GPT-3 was also trained on computer code, and recently OpenAI released a specialized version of its engine, named Codex, ...
- The evolution of a Mac trojan: UpdateAgent’s progression
February 3, 2022
Discovery and analysis by Microsoft researchers of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing secondary payloads in the latest campaign, a capability that it added ...

