North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • DazzleSpy: Pro-democracy org hijacked to become macOS spyware distributor

    January 26, 2022

    Researchers have uncovered a new strain of macOS malware in targeted attacks against visitors to a Hong Kong pro-democracy radio station website. The website was used to facilitate a watering hole attack and to serve a Safari browser exploit to visitors, leading to the deployment and execution of spyware on victim machines. Dubbed DazzleSpy by ESET researchers, ...

  • New FluBot and TeaBot campaigns target Android devices worldwide

    January 26, 2022

    New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. The SMS topics used for spreading the FluBot malware include fake courier messages, “Is this you in this video?” coaxes, phony browser updates, and fake voicemail notifications. The most recent ...

  • Trickbot will now try to crash researcher PCs to stop reverse engineering attempts

    January 26, 2022

    The Trickbot Trojan has been revised with a new set of anti-reverse engineering features including the capability to crash computers if analysis tools are detected. Over the years, Trickbot has evolved from its original state as a banking Trojan to a wider suite of malicious components. Following the retirement of Dyre in 2016 and the disruption of ...

  • Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad

    January 26, 2022

    This Private Industry Notice provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures (TTPs) to enable recipients to identify and defend against the group’s malicious cyber activities. On 20 October 2021, a grand jury in the US District Court for the Southern District of New York indicted two Iranian nationals ...

  • Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data

    January 25, 2022

    Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...

  • TianySpy Malware Uses Smishing Disguised as Message From Telco

    January 25, 2022

    It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...