North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

    September 2, 2021

    Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in the closed commercial BT stack used by at least 1,400 embedded chip components, that can lead ...

  • Cisco Releases Security Updates for Cisco Enterprise NFVIS

    September 2, 2021

    Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • QakBot technical analysis

    September 2, 2021

    QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans around the globe. Its main purpose is ...

  • In space, no one can hear cyber security professionals scream

    September 2, 2021

    “Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats.” That’s not an overblown sci-fi movie strapline, but rather the chilling words of Gina Galasso, managing director of The Aerospace Corporation UK, a member of the international collaborative organisation, Space ISAC (the Space Information ...

  • UK VoIP telco receives ‘colossal ransom demand’

    September 2, 2021

    Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a “colossal ransom demand” after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil. This morning, it ...

  • WhatsApp patches vulnerability related to image filter functionality

    September 2, 2021

    Check Point Research has announced the discovery of a vulnerability in the popular messaging platform WhatsApp that allowed attackers to read sensitive information from WhatsApp’s memory. WhatsApp acknowledged the issue and released a security fix for it in February. The messaging platform — considered the most popular globally with about two billion monthly active users — had ...