North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • Lazarus malware strikes South Korean supply chains

    November 16, 2020

    Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities ...

  • Malicious Actors Target Comm Apps such as Zoom, Slack, Discord

    November 16, 2020

    In our 2020 midyear report, we discussed how the Covid-19 pandemic had forced many organizations to shift from physical offices to virtual ones — a change that also led to the rise of messaging and video conferencing apps as indispensable tools for communication. While these apps have provided businesses a way of maintaining communication between ...

  • DarkSide ransomware’s Iranian hosting raises U.S. sanction concerns

    November 15, 2020

    Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran. When the DarkSide ransomware operation encrypts a network, their affiliates steal unencrypted files, which they threaten to release if a ransom is not paid. This double-extortion strategy is always under attack by ...

  • New TroubleGrabber Discord malware steals passwords, system info

    November 13, 2020

    TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. Its capabilities are similar to another malware strain dubbed ...

  • Manufacturing is becoming a major target for ransomware attacks

    November 13, 2020

    Ransomware has become a major threat to the manufacturing industry as cyber-criminal groups increasingly take an interest in targeting the industrial control systems (ICS) that manage operations. According to analysis by cybersecurity researchers at security company Dragos, the number of publicly recorded ransomware attacks against manufacturing has tripled in the last year alone. While a lot of ...

  • Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

    November 13, 2020

    Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. According to Tom Burt, corporate vice president of Customer Security and Trust ...