The Lazarus Group Targets Bitcoin Industry Insiders
The Lazarus Group, a cybercrime gang with ties to the North Korean government, has set its sights on Bitcoin industry insiders with a new targeted phishing campaign. Its goal is to steal credentials and, potentially, to access and steal its victims' Bitcoin.
Phishing Campaign Targets London Cryptocurrency Company
According to the Secureworks Counter Threat Unit (CTU), the Lazarus Group has launched a spear-phishing email campaign directed at employees of a London cryptocurrency company. The emails claim to discuss a job opening for a CFO and carry an attached job listing. However, the attachment actually contains a remote access trojan (RAT) that allows the attackers to install more malware, take control of the victim’s device, and steal sensitive data, including network credentials.
North Korean Involvement in Cybercrime
Lazarus, known for its association with the North Korean regime, has been linked to various high-profile cyber attacks, including the WannaCry ransomware campaign, the Bangladesh central bank heist, and the Sony Pictures hack in 2014. Additionally, North Korean threat actors have recently shown an interest in procuring cryptocurrency, both legally and illegally, with reported intrusions into Bitcoin exchanges in South Korea.
Recorded Future has noted a significant increase in North Korean activity related to Bitcoin, with users in North Korea starting to mine the cryptocurrency in May. This surge in activity coincided with the rising value of Bitcoin, which reached over $17,500.
Monetizing Cybercrime Efforts
As Bitcoin prices continue to rise, cybercriminals are increasingly targeting Bitcoin industry insiders to profit from their illegal activities. Eyal Benishti, founder and CEO of IRONSCALES, highlights the growing trend of phishing campaigns bypassing email filters and gateways to target high-value assets like Bitcoin.
With the allure of cryptocurrency profits, it is crucial for Bitcoin industry insiders to remain vigilant against cyber threats and ensure robust security measures are in place to protect their assets from malicious actors like the Lazarus Group.