North Korean hackers have chosen a new tactic to continue their cyber war with the rest of the world. They are now attacking cryptocurrency companies with phishing emails.

Analysts from SentinelLabs have discovered that a hacker group from North Korea has changed its approach to cyberattacks. Experts attribute this shift to BlueNoroff, a subgroup within Lazarus.

Lazarus is in the scam business

The BlueNoroff subgroup is predominantly known for conducting large-scale cyberattacks to fund North Korea's nuclear and military programs. In a new campaign called “Hidden Risk,” or “Hidden Threat,” they have shifted from using social media to a more direct method: hacking through emails.

BlueNoroff hackers are actively sending out phishing emails targeting specific individuals. Often these emails are disguised as news about bitcoin prices or updates on trends in decentralized finance (DeFi).

The topics seem interesting and the links seem safe. However, after clicking on them, malicious applications are downloaded to users' devices. In this way, attackers gain direct access to sensitive corporate data.

PDF of the phishing email from BlueNoroff hackers. Source: SentinelLabs

“In a campaign we have dubbed ‘Hidden Threat,’ hackers spread fake news about trends in the cryptocurrency world to infect users with malware disguised as a PDF file,” the report said.


According to analysts, the malware developed by BlueNoroff hackers is highly sophisticated. It bypasses even Apple's built-in security protocols. Therefore, experts recommend that users and organizations working with macOS and digital assets strengthen their security measures.

DL News recently conducted an investigation that uncovered another new Lazarus fraud scheme. Attackers are creating fake resumes that are virtually indistinguishable from real ones and actively sending them out to cryptocurrency companies.

Some undercover employees earn up to $60,000 per month. Those whose salaries are higher than this amount keep only 30% of their paychecks. The hackers have to hand the rest of the money over to the state, the journalists found.
