North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks


The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.

North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets. North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • Avast says hackers breached internal network through compromised VPN profile

    October 21, 2019

    Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network. In a statement published today, the company said it believed the attack’s purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident. Avast said the breach occurred because the attacker compromised an employee’s VPN credentials, gaining access ...

  • Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies

    October 21, 2019

    Chinese cyberspies have developed malware that alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that can let hackers connect to any account by using a “magic password.” Furthermore, as an added benefit, the backdoor also hides user sessions inside the database’s connection logs every time the “magic password” is used, helping hackers remain ...

  • Major Airport Malware Attack Shines a Light on OT Security

    October 18, 2019

    A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” but which skated by antivirus solutions on the endpoints by adding a ...

  • Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

    October 18, 2019

    Previously undocumented group hits IT providers in the Middle East. A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active ...

  • Phorpiex Botnet Shifts Gears From Ransomware to Sextortion

    October 17, 2019

    A  recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims. The botnet, Phorpiex, has been active for almost a decade and currently controls almost 500,000 computers globally. The ...

  • Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks

    October 17, 2019

    When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...