
North Korean Hackers Shift Tactics to Target Crypto Firms

Updated by Daria Krasnova

In Brief

  • North Korean hackers have pivoted to phishing emails in a new campaign to infiltrate cryptocurrency firms.
  • BlueNoroff, part of Lazarus Group, uses crypto-related phishing to deliver malware bypassing Apple security measures.
  • The crypto sector’s lack of regulation and value make it a prime target for state-sponsored cyber thefts.

North Korean hackers have shifted their methods in an escalation of their cyber warfare tactics. They now employ phishing emails as a primary tool to target cryptocurrency firms.

A recent report by cybersecurity research firm SentinelLabs linked this shift to BlueNoroff, a notorious subgroup within the Lazarus Group.

North Korean Hackers Pivot to Phishing in ‘Hidden Risk’ Campaign

BlueNoroff is known for extensive cybercrime aimed at funding North Korea’s nuclear and weapons programs. The new campaign, dubbed ‘Hidden Risk,’ reveals a strategic pivot from social media grooming to more direct, email-based infiltration.

Hackers have intensified their efforts in the ‘Hidden Risk’ campaign by using highly targeted phishing emails. Disguised as crypto news alerts on Bitcoin prices or updates on decentralized finance (DeFi) trends, these emails lure recipients into clicking on seemingly legitimate links. Once clicked, these links deliver malware-laden applications to users’ devices, giving attackers direct access to sensitive corporate data.

“The campaign, which we dubbed ‘Hidden Risk’, uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file,” the report read.

The malware in the ‘Hidden Risk’ campaign is notably sophisticated, effectively bypassing Apple’s built-in security protocols. Using legitimate Apple Developer IDs, it evades macOS’s Gatekeeper system, which has sparked significant concern among cybersecurity experts.

North Korean hackers have traditionally relied on elaborate social media grooming to establish trust with employees at crypto and financial firms. Engaging with targets on platforms like LinkedIn and Twitter, they created the illusion of legitimate professional relationships. While effective, this patient method was time-consuming, prompting a shift towards quicker, malware-based tactics.

North Korea’s hacking activities have intensified as the cryptocurrency sector continues to grow. Currently valued at over $2.6 trillion, the crypto space is an attractive target for North Korean state-sponsored hackers. SentinelLabs’ report highlights how this environment is particularly susceptible to cyber-attacks, making it a lucrative hunting ground for Lazarus.

A Growing Threat to the Crypto Industry

According to a recent FBI warning, North Korean hackers have been focusing on DeFi and exchange-traded fund (ETF) firms, using social engineering and phishing campaigns aimed directly at employees in these sectors. The warning urged firms to bolster their security protocols and specifically advised them to cross-check client wallet addresses against known hacker-linked addresses.

BeInCrypto also reported how the Lazarus Group has learned to circumvent Western sanctions, exploiting loopholes in international regulations to facilitate crypto-based money laundering. A notable step in this timeline was the group’s use of the RailGun privacy protocol, which provides anonymous transactions on the Ethereum blockchain.

The US government has not been passive in response to North Korea’s escalated cyber campaigns. The Treasury Department sanctioned crypto mixing service Tornado Cash, citing its role in aiding North Korean hackers in obscuring illicit transactions. Tornado Cash, similar to RailGun, allows users to anonymize cryptocurrency movements, providing hackers with a powerful tool to cover their tracks.

The sanctions were part of a broader crackdown, highlighting how North Korea’s crypto-related activities are becoming a significant point of focus for Western governments. The timing of these sanctions aligns with North Korea’s intensified activities in the crypto sector, especially through Lazarus.

Given the sophistication of the new ‘Hidden Risk’ campaign, SentinelLabs advises macOS users and organizations, particularly those involved in cryptocurrency, to heighten security measures. They recommend that companies conduct thorough malware scans, cross-check developer signatures, and avoid downloading attachments from unsolicited emails.
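The report notes that the lure is a malicious application disguised as a PDF file. One defensive check a mail gateway or endpoint script can apply is to compare the file type an attachment advertises in its name with the type its leading bytes actually indicate, and to look inside ZIP archives for a macOS application bundle. The following is an added example written for this article; it is not SentinelLabs’ or BeInCrypto’s code, and the attachment names, magic-number table and sample payloads are constructed for illustration.

```python
"""Added example: flag attachments whose name says PDF but whose content does not.

Compares the advertised extension with the container type implied by the
file's magic bytes, and inspects ZIP archives for a macOS .app bundle.
Not the report's tooling; sample inputs below are constructed.
"""
import io
import zipfile

# Magic numbers for the few container types this example recognises.
PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O, both byte orders
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O, both byte orders
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
}


def sniff_type(data: bytes) -> str:
    """Return the type implied by the first bytes, ignoring the file name."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data[:4] in MACHO_MAGICS:
        return "mach-o"
    return "unknown"


def zip_contains_app_bundle(data: bytes) -> bool:
    """True if a ZIP archive carries a macOS .app bundle (has Contents/MacOS/)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(".app/Contents/MacOS/" in name for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment; 'suspicious' is True when name and content disagree."""
    lower = filename.lower()
    claims_pdf = ".pdf" in lower  # catches "report.pdf" and "report.pdf.zip"
    actual = sniff_type(data)
    reasons = []
    if claims_pdf and actual != "pdf":
        reasons.append(f"name suggests PDF but content is {actual}")
    if actual == "zip" and zip_contains_app_bundle(data):
        reasons.append("archive contains a macOS application bundle")
    if actual == "mach-o":
        reasons.append("file is a native macOS executable")
    return {"name": filename, "actual_type": actual,
            "suspicious": bool(reasons), "reasons": reasons}


def build_fake_pdf_app_zip() -> bytes:
    """Constructed sample: a ZIP whose only payload is a tiny fake .app bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Crypto_Market_Update.pdf.app/Contents/Info.plist", "<plist/>")
        zf.writestr("Crypto_Market_Update.pdf.app/Contents/MacOS/Crypto_Market_Update",
                    b"\xcf\xfa\xed\xfe" + b"\0" * 16)  # 64-bit Mach-O magic, dummy body
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a genuine PDF, a zipped app bundle, and a bare Mach-O.
    samples = [
        ("Q3_DeFi_Trends.pdf", b"%PDF-1.7\n%constructed sample\n"),
        ("Bitcoin_Price_Alert.pdf.zip", build_fake_pdf_app_zip()),
        ("Weekly_Crypto_News.pdf", b"\xcf\xfa\xed\xfe" + b"\0" * 16),
    ]
    for name, blob in samples:
        print(inspect_attachment(name, blob))
```

The check is deliberately independent of the signature on the bundle: because the report says the malware carried legitimate Apple Developer IDs, a signature check alone would not have flagged it, whereas a PDF-named file that turns out to be an archive holding an application bundle is suspicious regardless of who signed it.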

These proactive steps are essential to safeguard against increasingly complex malware designed to stay hidden within systems.


Lockridge Okoth
Lockridge Okoth is a journalist at BeInCrypto, focusing on prominent industry companies such as Coinbase, Binance, and Tether. He covers a wide range of topics, including regulatory developments in decentralized finance (DeFi), decentralized physical infrastructure networks (DePIN), real-world assets (RWA), GameFi, and cryptocurrencies. Previously, Lockridge conducted market analysis and technical assessments of digital assets, including Bitcoin and altcoins such as Arbitrum, Polkadot, and...