The post North Korean Hackers Begin Campaign That Poses a ‘Hidden Danger’ to Cryptocurrency Companies appeared first on Coinpedia Fintech News
Researchers have identified a new attack campaign tagged “Hidden Risk”, it exposed that state-sponsored hackers from North Korea have shifted gears towards attacking the crypto industry which they were linked to the Lazarus Group. Unlike what these hackers used to do by profiling their targets on social networking sites, they have now adopted very complex phishing emails.
New research conducted by the cybersecurity firm, SentinelLabs showed that this change is to mask malware as it was ordinary financial reports while aiming at weak-link individuals within the crypto sphere.
The group especially BlueNoroff has been credited with defying millions of dollars to fund North Korea’s nuclear and weapons programs, especially through exploiting weaknesses in decentralised financial platforms and the whole blockchain industry.
In response, the FBI has put out alert messages asking players in the financial industry to be on guard against phishing and other social engineering by North Korean cyber actors particularly involving decentralised finance and ETF companies.
Phishing E-mails and advanced malware techniques
In a rather shocking touch, the “Hidden Risk” campaign impersonates email notifications of new articles or updates regarding the BTC and current trends in the DeFi market. These emails, originating from seemingly legitimate organisations, urge victims to click on links with promises of PDFs, which in fact install malware on the victim’s macOS computer.
In the same regard, SentinelLabs points out that this malware, avoids the company’s inherent security measures, by utilising genuine Apple Developer IDs and essentially getting around the macOS’s Gatekeeper system. Once entrenched, the malware runs in the background without ceasing, even through reboots while creating concealed links to other servers controlled by North Korea.
The complexity of this malware allows it to bypass even the most robust security measures, a new worrying trend in the Korean cyber threat landscape. SentinelLabs therefore recommends macOS users particularly those within crypto firms to tighten their security and approach any email they receive with suspicion.
Conclusion: Concerns over increasing threats in Arena
The “Hidden Risk” operation is yet another wake-up call for the crypto industry, with the DPRK as active actors not decreasing efforts and constantly improving their skills. This campaign is a sign of an even bigger problem as these kinds of cyber-attacks become more sophisticated, organisations need to continue tightening up their cybersecurity and staying forever vigilant against phishing and social engineering.