North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • US Treasury sanctions Russian research institute behind Triton malware

    October 23, 2020

    The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment. Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM). A FireEye report ...

  • Wireshark Tutorial: Examining Dridex Infection Traffic

    October 23, 2020

    This tutorial is designed for security professionals who investigate suspicious network activity and review network packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Dridex is the name for a family of information-stealing malware that has also been described as a banking Trojan. This malware first appeared ...

  • Nvidia tackles code execution flaws, data leaks in GeForce Experience

    October 23, 2020

    Nvidia has resolved a trio of vulnerabilities impacting the GeForce Experience suite. GeForce Experience is software designed by Nvidia with games and live streamers in mind, including driver update management, driver optimization for gaming and graphics cards, and both video & audio capture. On October 22, Nvidia said the firm’s latest security update tackles issues found in ...

  • Phishing Attack Targets Office 365 Users

    October 22, 2020

    Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic – making it an attractive brand for attackers to ...

  • On the trail of the XMRig miner

    October 22, 2020

    As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig. How it all began: ransominer Alongside well-known groups that make money from data theft and ransomware (for example, Maze, ...

  • EU sanctions Russian hackers over 2015 German parliament attack

    October 22, 2020

    The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). EU’s sanctions include both travel bans and asset freezes and also block EU organizations and individuals from ...