North Korean Hackers Use New Phishing and Malware Attacks For Crypto Crimes

Nausheen Thusoo

North Korean hackers are using new techniques for crypto scams. Phishing and malware scams are the latest addition to the long list of ways in which DPRK hackers have been stealing crypto.

Researchers at SentinelLabs have discovered that since July 2024, phishing emails that appear to offer useful information about the dangers associated with the increase in the price of Bitcoin have been sent to targeted victims in cryptocurrency-related industries.

How Do The Email and Malware Work?

The email instructs users to open a PDF file with important information. To download the PDF file, the recipient is told to click the “Open” button; however, doing so causes the malicious macOS application bundle “Hidden Risk Behind New Surge of Bitcoin Price.app” to be downloaded instead.

The malware then allows the hacker to take all important information as well as carry out the crypto hack.

When the app is launched, a decoy PDF file containing an actual research paper published earlier this year is downloaded and opened. At the same time, the app secretly downloads and runs a malicious binary from a hard-coded URL.
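For defenders, the delivery step described above leaves a simple artifact: an application bundle with a document-style name sitting where a PDF was expected. The following triage sketch is an added example, not code from SentinelLabs or this article; the word-count threshold, the extension list and the sample executable name are assumptions, and the sample bundles are constructed.

```python
import plistlib
import re
from pathlib import Path

# Assumption: a bundle name ending in a document extension ("Report.pdf.app")
# or reading like a headline (4+ words) deserves an analyst's attention.
DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)$", re.IGNORECASE)
MIN_TITLE_WORDS = 4

def name_reasons(stem):
    """Explain why a bundle name (without .app) looks like a document lure."""
    reasons = []
    if DOC_EXT.search(stem):
        reasons.append("document extension before .app")
    if len(stem.split()) >= MIN_TITLE_WORDS:
        reasons.append("headline-style name")
    return reasons

def scan_for_lure_bundles(root):
    """Return [(bundle_name, declared_executable, reasons)] for suspicious bundles."""
    findings = []
    for bundle in sorted(Path(root).glob("*.app")):
        if not bundle.is_dir():
            continue
        reasons = name_reasons(bundle.stem)
        if not reasons:
            continue
        try:
            info = plistlib.loads((bundle / "Contents" / "Info.plist").read_bytes())
            exe = info.get("CFBundleExecutable")
        except Exception:  # missing or malformed plist is itself worth noting
            exe = None
            reasons.append("Info.plist missing or unreadable")
        findings.append((bundle.name, exe, reasons))
    return findings

def build_constructed_samples(root):
    """Create constructed bundles: the lure name quoted in the article and a benign one."""
    samples = {
        "Hidden Risk Behind New Surge of Bitcoin Price.app": "lure",  # made-up executable name
        "Calculator.app": "Calculator",
    }
    for name, exe in samples.items():
        contents = Path(root) / name / "Contents"
        (contents / "MacOS").mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps({"CFBundleExecutable": exe}))
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_for_lure_bundles(build_constructed_samples(tmp)):
            print(finding)
```

Pointed at a user's download folder, the scan lists each flagged bundle with the executable its Info.plist declares, which is the file to inspect next.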

North Korea’s Crypto Scams See Increase In Last Decade

North Korea has committed a number of crypto-related scams in the past decade. According to the United Nations, almost 11 of the cryptocurrency thefts in 2024 alone, valued at $54.7 million, were conducted by DPRK IT workers.

Known officially as the Democratic People’s Republic of Korea (DPRK), North Korea has been subject to U.N. sanctions since 2006. Over time, the sanctions have been tightened in an effort to reduce funding for its nuclear and ballistic missile programs.

Because the nation has been under constant sanctions, the theft of crypto money and virtual assets has helped the country fund various activities.

Just recently, the US government filed two lawsuits to recoup more than $2.67 million in digital assets that were taken by the North Korean Lazarus Group.

Since 2017, it is estimated that North Korean hackers have stolen $3 billion worth of cryptocurrency, using the proceeds to finance the regime’s missile and nuclear projects.

Microsoft has discovered a number of new North Korean hacking groups that have been targeting cryptocurrency organizations since last year. These groups include Moonstone Sleet, Jade Sleet, Sapphire Sleet, and Citrine Sleet.

Microsoft specifically highlights Moonstone Sleet, which has created a unique ransomware variant and used it against unnamed organizations in the defense and aerospace industries in order to obtain financial information as well as intelligence.
