North Korean threat actor groups have shifted to a new strategy for monetizing their country's cash reserve. Instead of attacking financial institutions and centralized crypto exchanges, the hackers are now targeting individual crypto investors to steal cryptocurrencies.
Modus Operandi
To initiate the attack, the hackers send the targeted victims a phishing email that contains a malicious file attachment. Once the victim clicks on the file, a malicious script is downloaded and infects the computer. This gives the hackers control over the machine, and from then on they can carry out their tasks, including stealing the victim's cryptocurrencies without the victim's knowledge.
The hackers have shifted their attack strategy most likely due to the upgraded security protocols that have been implemented on crypto exchange platforms in the past few months.
“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security. They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly. With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity,” said Simon Choi, the founder of the cyber warfare research group IssueMakersLab.
Simon Choi further explains that most of these attacks are being conducted against the CEOs of popular and established firms, as it enables the hackers to cash out a large sum of money instantly.
Meanwhile, security experts say that the shift in attack technique is part of a new strategy by Pyongyang to evade US sanctions aimed at an illegal nuclear weapons program.