North Korea’s Lazarus Group escalates crypto attacks through Telegram phishing




The North Korea-backed hacking collective Lazarus Group is increasingly targeting the cryptocurrency community through widespread phishing operations on the popular messaging app Telegram, according to a Dec. 6 update from blockchain security firm SlowMist.

The group’s new modus operandi involves impersonating reputable venture capital investment figures from Archax, HashKey, and Gumi Cryptos to lure crypto teams with attractive investment proposals.

In this attack method, the hacker establishes trust with victims through constant messages and then lures them into unknowingly running malicious scripts for phishing attacks under the guise of attending a meeting.

This corroborates a recent warning by Alexandre Masmejean, the CEO of Showtime, a crypto marketplace for creators. Earlier in the week, Masmejean said he was contacted by FBI agents who told him that Asian cybercriminals, posing as the Head of HashKey Singapore Group, were running malware on his laptop.

SlowMist highlighted how the hacker group leverages Calendly’s “Add Custom Link” feature to embed malicious links within event pages for phishing attempts. These well-disguised links, seamlessly integrated into the background, often evade suspicion.

Meanwhile, the security firm further identified a specific IP, 104.168.137.21, linked to various domains impersonating other projects. They urge vigilance and preemptive measures against potential risks associated with this malicious IP.

North Korea Lazarus Group’s infamous streak

Over the past several years, the North Korean Lazarus Group has siphoned roughly $3 billion from the cryptocurrency industry. The Asian nation has been accused of sponsoring these hackers to exploit crypto projects to finance its weapons program.

The U.S. has traced several crypto breaches back to wallets controlled by North Korea-affiliated hackers, such as the Ronin bridge exploit, which saw the theft of over $600 million in assets.

The scale of these thefts is substantial, with Chainalysis, a blockchain analytics firm, estimating that over $3 billion has been stolen by North Korean hackers in the past five years. This figure is further corroborated by South Korean intelligence, which reported a theft of $1.2 billion in BTC and ETH by North Korea in 2022 alone.


