Report: North Korean Hackers Are Stepping Up Crypto Attacks

North Korean hackers launched a massive phishing campaign in December using a variety of new tactics, cybersecurity firm Proofpoint announced on Wednesday. File Photo by Stephen Shaver/UPI

SEOUL, Jan. 25 (UPI) — North Korean hackers are exhibiting a “startup mentality” when experimenting with new methods to conduct cryptocurrency heists, according to a report by cybersecurity firm Proofpoint on Wednesday.

The Sunnyvale, Calif.-based firm said a group it identifies as TA444, which overlaps with the notorious hacking collective Lazarus, launched a massive wave of phishing attacks in December targeting the financial, educational, government and healthcare sectors in the United States and Canada.

The group’s emails used approaches that differed from tactics researchers had previously associated with them, including efforts to obtain passwords and login credentials from users.

“This sprawling credential-gathering activity is a departure from normal TA444 campaigns, which typically involve the direct use of malware,” the report states.

The hackers used email marketing tools to avoid phishing filters and created content such as job offers and salary matches to lure targets. They also relied on the social networking service LinkedIn to engage with victims before providing links to malware, the researchers said.

According to Proofpoint, December’s spam spree nearly doubled the volume of emails sent by the group for the full year.

Greg Lesnewich, senior threat researcher at Proofpoint, said in an email that TA444 has a “startup mentality” and is “testing a variety of infection chains to expand its revenue streams.”

“This threat actor is rapidly developing new attack vectors while incorporating social media as part of its MO,” he said. “TA444 leads North Korea’s cash flow generation for the regime by raising washable funds.”

North Korea remains under heavy international sanctions and has increasingly turned to cybercrime to fund its illegal weapons program.

According to the FBI, the Pyongyang-affiliated Lazarus Group was behind the staggering theft of more than $600 million in cryptocurrency from an online video game network in March.

On Monday, the FBI also confirmed that the Lazarus Group was responsible for a $100 million heist in June on Horizon Bridge, a crypto transfer service powered by the US-based Harmony blockchain.

South Korea’s National Intelligence Service said last month that North Korea has stolen $1.2 billion worth of cryptocurrency assets worldwide since 2017, with the bulk of that expected to arrive in 2022.

The spy agency warned that this year Pyongyang is likely to step up efforts to steal sensitive intelligence and defense technology from the South.
