Suspected North Korean cyber group seeks to woo bitcoin job seekers

The surging cost of cryptocurrencies in global markets is catching the eye not just of ordinary retail investors but also of a cybercrime gang with links to the North Korean government, according to cyber researchers tracing the group’s activities.

The Lazarus cybercrime group is mounting an ongoing scheme to steal the online credentials of bitcoin industry insiders, a report published by researchers at U.S. cyber security firm Secureworks’s Counter Threat Unit (CTU) said on Friday.

Cybersecurity firms including Secureworks suspect North Korea to be behind the Lazarus group, which they link to an $81 million cyber heist last year at the Bangladesh central bank as well as a 2014 attack on Sony’s Hollywood studio.

“Given the current rise in bitcoin prices, CTU suspects that North Korea’s interest in cryptocurrency remains high and (it) is likely continuing its activities surrounding the cryptocurrency,” Secureworks said in a statement to Reuters.

Prices for the volatile cryptocurrency surged past $10,000 late last month and have continued to race upward toward $20,000. One bitcoin traded above $17,500 on Friday, up more than 7 percent on the day and more than 18 times in the year to date.

Secureworks said that as recently as last month it had monitored a targeted email campaign aiming to trick victims into clicking on a compromised link for a job opening for a chief financial officer role at a London cryptocurrency company.

Those who clicked on the hiring link were infected by malicious code through an attached document in the email that installed software to take remote control of a victim’s device, allowing hackers to download further malware or steal data.

This malware shares technical links with former campaigns staged by the mysterious cybercrime group Lazarus, which Secureworks has labeled “Nickel Academy”. Secureworks did not say whether anyone who received the email actually clicked on the link.

The so-called “spearphishing” attempt appears to have been delivered on October 25, but initial activity was observed by Secureworks researchers dating back to 2016. The researchers said in a statement they believe the efforts to steal credentials are still ongoing.

Recent intrusions into several bitcoin exchanges in South Korea have been tentatively attributed to North Korea, it said.

Secureworks researchers have found evidence dating back to 2013 of North Korean interest in bitcoin, when multiple user names originating from computers using extremely rare North Korean internet addresses were found researching bitcoin.

The same internet addresses were linked to previous North Korean cyber attacks.

A spokeswoman for Secureworks said the company was releasing its preliminary findings now and a more complete report could be published later.
