North Korea-backed hackers Lazarus Group are increasingly targeting the cryptocurrency community through widespread phishing operations on the popular messaging application Telegram, according to a Dec. 6 update from blockchain security firm SlowMist.
The group’s new modus operandi involves impersonating reputable venture capital investment figures from Archax, HashKey, and Gumi Cryptos to lure crypto teams with attractive investment proposals.
In this attack method, the hacker establishes trust with their victims through constant messages and then lures them into unknowingly running malicious scripts for phishing attacks under the guise of attending a meeting.
This corroborates a recent warning by Alexandre Masmejean, the CEO of Showtime, a crypto marketplace for creators. Earlier in the week, Masmejean said he was contacted by FBI agents who told him that Asian cybercriminals, posing as the Head of HashKey Singapore Group, had been running malware on his laptop.
SlowMist highlighted how the hacker group leverages Calendly’s “Add Custom Link” feature to embed malicious links within event pages for phishing attempts. These well-disguised links, seamlessly integrated into the background, often evade suspicion.
Meanwhile, the security firm further identified a specific IP, 104.168.137.21, linked to various domains impersonating other projects. They urge vigilance and preemptive measures against potential risks associated with this malicious IP.
North Korea Lazarus Group’s notorious streak
Over the past several years, the North Korean Lazarus Group has siphoned roughly $3 billion from the cryptocurrency industry. The Asian nation has been accused of sponsoring these hackers to exploit crypto projects to finance its weapons program.
The U.S. has traced several crypto breaches back to North Korea-affiliated hacker-controlled wallets, such as the Ronin bridge exploit, which saw the theft of over $600 million in assets.
The scale of these thefts is substantial, with Chainalysis, a blockchain analytics firm, estimating that over $3 billion has been stolen by North Korean hackers in the past five years. This figure is further corroborated by South Korean intelligence, which reported a theft of $1.2 billion in BTC and ETH by North Korea in 2022 alone.