According to reports, North Korean hackers are carrying out malicious digital hijacking campaigns.
Two serious hacking cases have been reported in succession, attributed to groups called Lazarus and Andariel. Let’s find out more about these incidents:
According to a report published by the US cybersecurity company Secureworks, the hacker group Lazarus initiated a “spear phishing” attack targeting financial executives at a cryptocurrency company.
According to the victims, they were lured by an email offering them an opportunity to head a European-based virtual currency company.
Secureworks explained in its press release how the spear phishing works. According to them, “Upon opening the Word attachment in the phishing email, the victim is presented with a pop-up message encouraging the user to accept the ‘Enable Editing’ and ‘Enable Content’ functions. The email contains a Microsoft Word document with an embedded malicious macro that, when enabled, creates a separate decoy document (the CFO Job Lure), that is shown to the recipient. It then installs a first-stage Remote Access Trojan (RAT) in the background that the malicious document is configured to deliver. Once the RAT is installed on the victim’s computer, the threat actors can download additional malware at any time.”
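Because the chain Secureworks describes only starts once the recipient enables the macro, a mail gateway can flag macro-bearing Word attachments before delivery. The sketch below is an added example, not code from Secureworks or from this article; the function names, sample file names and the deliver/review/quarantine policy are assumptions, and the sample attachments are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls compound files


def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word attachment (zip layout only, no real VBA)."""
    main = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" ContentType="{main}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder bytes, not a VBA project")
    return buf.getvalue()


def triage_attachment(name: str, data: bytes) -> dict:
    """Return a verdict and the reasons for it; never opens or renders the document."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams this sketch does not parse.
        return {"name": name, "verdict": "review", "findings": ["legacy OLE container"]}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                findings.append("VBA project part present")
            if "[Content_Types].xml" in names:
                types = z.read("[Content_Types].xml").decode("utf-8", "replace").lower()
                if "macroenabled" in types:
                    findings.append("macro-enabled content type declared")
    if findings and name.lower().endswith((".docx", ".dotx")):
        findings.append("extension claims a macro-free format")
    return {"name": name, "verdict": "quarantine" if findings else "deliver",
            "findings": findings}


if __name__ == "__main__":
    samples = [("CFO_role.docm", build_sample(True)),      # constructed
               ("agenda.docx", build_sample(False)),       # constructed
               ("offer.doc", OLE_MAGIC + b"\x00" * 504)]   # constructed header only
    for fname, blob in samples:
        print(triage_attachment(fname, blob))
```

Legacy `.doc` files are only routed to review here; inspecting their macro streams needs a dedicated OLE parser.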
A server at a South Korean company was taken over by a hacking unit called Andariel and was used to mine about 70 Monero coins, which are worth about $2500 today.
According to Kwak Kyoung-ju, a leader of a hacking analysis team at a government-supported financial security institute, hackers usually prefer Monero over Bitcoin because the former is easier to hide and launder.
The Bottom Line:
It is being speculated that these North Korean hackers have ties to the North Korean government, since the country’s policies leave locals without the means to perform such a task. The real scenario is uncertain, however, and exchanges are trying their best to improve security.