[Block Media] BeInCrypto reported on the 8th (local time) that North Korea’s cyber attacks continue to evolve and that a new attack campaign targeting cryptocurrency companies has emerged.
According to SentinelLabs, a cybersecurity research company, BlueNoroff, a sub-organization of the well-known North Korean hacker group Lazarus, has stepped up its attacks through the ‘Hidden Risk’ campaign, which uses phishing emails as its main method.
Hackers send fake news alert emails about Bitcoin prices or decentralized finance (DeFi) trends, enticing victims to click on a link. The link hides a malicious application, which allows hackers to access the user’s device and steal sensitive data.
Adopting a faster attack method, breaking away from traditional approaches
North Korean hackers have traditionally preferred to build trust through social media. Attacks were carried out after establishing close relationships with employees of cryptocurrency and financial companies via LinkedIn and Twitter. However, instead of this time-consuming method, the strategy has changed to an email-based method of quickly distributing malicious code.
The malware used in the Hidden Risk campaign is particularly sophisticated and can bypass Apple’s security system. BlueNoroff is using legitimate Apple Developer IDs to evade the macOS Gatekeeper system, raising concerns among security experts.
Growing Threats to the Crypto Industry
The cryptocurrency market, currently valued at $2.6 trillion, is a major target for North Korean hackers. The FBI recently warned that North Korean hackers are intensifying phishing and social engineering attacks targeting decentralized finance and ETF companies, and urged cryptocurrency companies to strengthen their security. In particular, it advised checking client wallet addresses against addresses associated with hackers.
Lazarus is also carrying out cryptocurrency money laundering with enhanced anonymity using privacy protocols such as RailGun to circumvent Western sanctions. The U.S. Treasury is continuing efforts to block the flow of funds by imposing sanctions on cryptocurrency mixing services such as Tornado Cash used by North Korean hackers.
SentinelLabs advised that macOS users and cryptocurrency-related companies should strengthen their security measures, given the sophistication of the ‘Hidden Risk’ campaign. In particular, it emphasized preventive measures such as thorough malware inspection, verification of developer signatures, and not downloading suspicious email attachments.
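Because the campaign's applications carry legitimate Developer IDs, checking that a signature exists is not enough; the signing team also has to be one the organisation approves. The sketch below is an added example, not code from SentinelLabs or the article: it parses text in the shape of `codesign -dvv` output and applies a team allowlist, assuming the signature itself has already passed `codesign --verify`. The team IDs, bundle identifiers and sample outputs are constructed.

```python
import re

# Team IDs the organisation has approved (constructed placeholder values).
APPROVED_TEAMS = {"ABCDE12345"}
# Leaf authority of a Developer ID signature: "Developer ID Application: Name (TEAMID)".
LEAF_RE = re.compile(r"^Developer ID Application: .+ \(([A-Z0-9]{10})\)$")

def parse_codesign(output):
    """Extract identity fields from `codesign -dvv` text; Authority order is leaf first."""
    info = {"authorities": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value.strip())
        elif key in ("Identifier", "TeamIdentifier", "Signature"):
            info[key] = value.strip()
    return info

def verdict(output, approved=APPROVED_TEAMS):
    """Policy: a Developer ID signature alone is not enough; the team must be approved."""
    if "not signed at all" in output:
        return "block: unsigned"
    info = parse_codesign(output)
    if info.get("Signature") == "adhoc" or not info["authorities"]:
        return "block: ad-hoc signature"
    leaf = LEAF_RE.match(info["authorities"][0])
    team = info.get("TeamIdentifier")
    # Mac App Store and Apple-signed code use other leaf authorities; not handled here.
    if not leaf or leaf.group(1) != team:
        return "review: no consistent Developer ID leaf"
    if team not in approved:
        return "review: Developer ID team %s not approved" % team
    return "allow: approved team %s" % team

# Constructed samples in the shape of `codesign -dvv` output (not from the campaign).
SAMPLE_APPROVED = """Identifier=com.example.wallet
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345"""
SAMPLE_UNKNOWN = SAMPLE_APPROVED.replace("ABCDE12345", "ZYXWV98765")
SAMPLE_ADHOC = "Identifier=report-viewer\nSignature=adhoc\nTeamIdentifier=not set"

if __name__ == "__main__":
    for name in ("SAMPLE_APPROVED", "SAMPLE_UNKNOWN", "SAMPLE_ADHOC"):
        print(name, "->", verdict(globals()[name]))
```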