North Korea has not enjoyed the best reputation in the political space. The country and its Supreme Leader have been criticised in many fields. Unfortunately, the island country is also not doing well reputation-wise in the cryptocurrency space. Many notorious gangs of hackers have mainly defined the country’s image in the crypto field, and it seems they now have one more trick up their sleeves. 

It is being reported that many North Korean state-sponsored hackers have improved their strategy through a new campaign called “Hidden Risk.” This campaign seeks to break into many crypto firms through malware disguised and passed off as legitimate documents. 

“Hidden Risk” has been described as a series of attacks orchestrated to steal funds from the crypto industry, which has now hit the $2.6 trillion mark. The campaign is specially designed to exploit crypto’s decentralized framework and largely underregulated space.

In a Thursday report, hack research firm SentinelLabs linked the new Hidden Risk campaign to the BlueNoroff hacker group. This group is infamously known as a subgroup of the more terrible Lazarus Group, which stole millions in crypto to fund nuclear and weapons programs in North Korea. 

In usual fashion, the FBI has again warned the crypto community about these North Korean actors and their increasing attacks on employees of DeFi and ETF firms. The hackers have seemed to move on from their usual strategy of grooming social media victims, now opting for more elaborate phishing emails disguised as crypto news alerts. 

These hackers’ former social media grooming usually involved establishing connections and building trust with targetted persons on social media platforms, including LinkedIn and Twitter, before eventually attacking their wallets.

According to the report, the new email scam, on the other hand, involves cybercriminals creating emails disguised as news or updates about the prices of Bitcoin (BTC) or even newsletters about the recent trends in the DeFi world. They then lure victims into clicking on added links disguised as leading to legitimate PDF documents, ultimately leading to the clicker downloading malicious software applications onto their computers.

Mac devices are especially being targeted. The report said the malware was designed to bypass Apple’s renowned in-built security protections. The hackers reportedly get their software signed with legitimate Apple Developer IDs to evade macOS’s Gatekeeper system. 

Once installed, the malware stays undetected through hidden system files. It is designed so well that it remains undetected even after the computer is restarted, and it is also able to communicate with remote servers controlled by the hackers. 

SentinelLabs further advised macOS users, especially those used in organizations, to work on improving their security measures and increasing their awareness of possible risks.

How North Korean IT Workers Invading Crypto, and Why They Do It | HODL FM
Crypto firms unknowingly hire North Korean IT workers funding DPRK’s nuclear program through stolen IDs.
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.