The North Korean hacking group known as Lazarus has been highly active in cyber criminal activity for the past few years.
Now, according to a report by the US cyber security firm SecureWorks, the group may be planning targeted email phishing attacks against well-known people in the cryptocurrency space.
According to the report, the group is likely to send targeted emails laden with malware. This malware has credential harvesting capabilities, intended to steal passwords and private keys from the targeted individuals.
SecureWorks stated in the report that it had been monitoring the activity since October. The emails that were sent contained a malicious link that looked like it led to a job application at a cryptocurrency start-up.
In reality, the link connected to a server under the attackers' control, and the victim would unknowingly download malware onto their PC. This malware could then take control of the machine and copy sensitive data.
SecureWorks also said that interest in cryptocurrency was at an all-time high in the reclusive regime. The group is probably looking for a number of different exploits and payloads with which to spread the malware.
The group is well known in hacking and cyber security circles for its highly effective campaigns. It was the primary suspect in the hack on Sony Pictures back in 2014 and in the recent spread of the WannaCry malware.
The Lazarus group was also supposedly responsible for one of the biggest bank heists in history, when it infiltrated the central bank of Bangladesh and made off with approximately $70m.
Given that the North Korean regime is increasingly squeezed by international sanctions, these bitcoin hacking attempts are an attractive way for the regime to raise extra cash to fund its weapons program.
Focused on Cryptocurrencies
Given how easy it is to use Bitcoin globally, it is no wonder that North Korean hackers are actively targeting it. We have previously covered numerous attempts by the North Koreans to hack South Korean cryptocurrency exchanges.
In fact, according to a report by a South Korean spy agency, the North Koreans were able to steal about $7m worth of Bitcoin and Ether, as well as over 30,000 identity documents. South Korean exchanges are rich pickings because they are among the most heavily traded markets in the world.
As a sign of how important cryptocurrency loot is to the regime, the state university in Pyongyang is running classes in blockchain and cryptocurrency technology.
According to SecureWorks, the North Koreans have been experimenting with Bitcoin going back as far as 2013. The firm examined the IP addresses of attacker machines from previous hacks and was able to link them to network connections dating from that time.
Opsec is Key
If you are really worried about the North Koreans stealing your crypto, you can take comfort in the fact that most of these attacks appear to rely on social engineering.
Unless you keep your coins on an exchange, hackers are unlikely to grab them as long as you do not follow suspicious links or open emails from people you do not know.
Guard your private keys with your life and always act with suspicion.
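The lure described above relies on a link whose visible text looks like a legitimate job-application page while the underlying address points somewhere else. As an added example that is not from the article or from SecureWorks, the following Python script applies a few simple defender-side heuristics to the links in an HTML email: it flags a displayed domain that differs from the real target, a raw IP address as the host, a non-HTTPS scheme, and a link that ends in an executable or script file name. The sample email body, the domains `example-exchange.com` and `jobs-portal.example`, and the TEST-NET address `203.0.113.10` are all constructed placeholders, and the domain-extraction helper is deliberately naive (it keeps only the last two labels), so treat it as a starting point rather than a complete mail filter.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real message). Three links:
#   1. a genuine-looking link whose text and target agree,
#   2. a lure whose text shows a trusted URL but whose target is an IP-hosted executable,
#   3. a lure that embeds the trusted domain as a subdomain of an unrelated site.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>We reviewed your profile and would like you to apply for our blockchain role.</p>
<p>Official careers page:
  <a href="https://careers.example-exchange.com/apply">careers.example-exchange.com</a></p>
<p>Download and complete the application form:
  <a href="http://203.0.113.10/jobs/application.exe">https://careers.example-exchange.com/apply</a></p>
<p>Or apply online:
  <a href="https://example-exchange.com.jobs-portal.example/apply">example-exchange.com</a></p>
</body></html>
"""

# File extensions that should never be the direct target of a link in a job email.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".js", ".hta", ".vbs", ".zip", ".docm")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current_href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current_href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._current_href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current_href is not None:
            self.links.append((self._current_href, "".join(self._text).strip()))
            self._current_href = None


def registrable_domain(host):
    """Naive registrable domain: the last two labels (ignores multi-part TLDs)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def assess_link(href, text):
    """Return a list of reasons the link looks suspicious (empty means no finding)."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()

    if parsed.scheme != "https":
        reasons.append("non-https scheme")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address host")

    # If the visible text itself looks like a URL or domain, it must agree with the target.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append("display text domain differs from target")

    if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
        reasons.append("link to executable download")
    return reasons


def scan_email(html):
    """Extract every link in the HTML body and attach its list of findings."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, assess_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL_HTML):
        verdict = "SUSPICIOUS" if findings else "ok"
        print(f"{verdict:10} {href!r} shown as {text!r}: {', '.join(findings) or '-'}")
```

The script deliberately reports reasons rather than a single score, so that a mail gateway rule or an analyst can decide which combination of findings warrants quarantining the message; the domain mismatch between what the recipient sees and where the link really goes is the single most useful signal for the kind of lure the article describes.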