With the dramatic surge in the price of cryptocurrencies in global markets, it comes as no surprise that people are trying to cryptojack those virtual coins from our machines. But it appears that a cybercrime gang with links to the North Korean government also wants to take advantage of the surge in cryptocurrencies like Bitcoin.
According to a report by US-based cyber security firm SecureWorks, a hacker collective called “Lazarus Group,” a team linked to the North Korean government, is believed to be conducting a targeted spearphishing campaign against people who work at cryptocurrency companies, in an effort to steal Bitcoins.
The attacks are attempted via email, luring the victims with a CFO job at a Europe-based cryptocurrency company. The hacker group has tried to trick workers into compromising their PCs by including a malicious Word file in the emails, which requires the victim to allow edit permissions to see the document. If they fall prey, it installs a rogue macro that quietly loads a PC-hijacking trojan in the background.
The security researchers found that North Korea has been interested in Bitcoin since at least 2013. Back then, multiple usernames originating from a North Korean IP address were doing Bitcoin research while hiding behind proxy servers to mask their originating IP address. But those proxy servers failed occasionally, revealing their actual originating IP.
The latest round of phishing appears to have been delivered around October 25 this year, but SecureWorks’ analysts have observed similar activity as early as 2016 and assess this as a continuation of the activity first observed then. The firm believes that the campaign is likely still ongoing and that this is a preliminary report; future reports should provide a better picture of the situation.
Lazarus Group, which is assumed to be associated with the North Korean government, has a history of conducting money-grabbing attacks such as the 2014 cyber attack on Sony’s Hollywood studio, the 2016 bank robbery in Bangladesh that swiped $81 million, and the worldwide WannaCry ransomware attack in May.