North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • PseudoManuscrypt: a mass-scale spyware attack campaign

    December 16, 2021

    In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in the report “Lazarus targets defense industry with ThreatNeedle“. Curiously, the ...

  • Hive ransomware enters big league with hundreds breached in four months

    December 16, 2021

    The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June. Security researchers gleaning information straight from Hive’s administrator panel found that affiliates had breached more than 350 organizations over four months. The gang’s data leak ...

  • Lenovo laptops vulnerable to bug allowing admin privileges

    December 16, 2021

    Lenovo laptops, including ThinkPad and Yoga models, are vulnerable to a privilege elevation bug in the ImControllerService service allowing attackers to execute commands with admin privileges. The flaws are tracked as CVE-2021-3922 and CVE-2021-3969 and affect the ImControllerService component of all Lenovo System Interface Foundation versions below 1.1.20.3. When viewing the Windows services screen, this service ...

  • Suspected Iranian hackers target airline with new backdoor

    December 16, 2021

    A suspected, state-sponsored Iranian threat group has attacked an airline with a never-before-seen backdoor. On Wednesday, cybersecurity researchers from IBM Security X-Force said an Asian airline was the subject of the attack, which likely began in October 2019 until 2021. The advanced persistent threat (APT) group ITG17, also known as MuddyWater, leveraged a free workspace channel on ...

  • Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

    December 14, 2021

    While looking for potentially malicious implants that targeted Microsoft Exchange servers, Kaspersky researchers identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, researchers determined that the previously unknown binary is an IIS module, aimed at stealing credentials and enabling remote command execution from OWA. Kaspersky named ...

  • Second Log4j vulnerability CVE 2021-45046 discovered, patch already released

    December 14, 2021

    A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.” “This could allow attackers… to craft malicious input data using a JNDI ...