With Bitcoin prices climbing by leaps and bounds, a section of society is trying to profit from the rise by unethical means. Bitcoin experts have been issued a series of warnings after hackers from North Korea spread fear by fooling people into installing malware on their systems.
Secureworks, a US-based cyber-security firm, has reported that Lazarus Group, a team with direct links to the North Korean government, is trying to benefit from this virtual gold rush by conducting a spear-phishing drive against the crypto industry, aimed at stealing the lucrative coins. The attacks try to trick workers with a seemingly innocuous email, written in English, which pretends to carry details of a job offer for the CFO position at a Bitcoin company based in London. The email comes with a Word file, and users have to enable editing and enable content to view it. The file contains a rogue macro that triggers a PC-hijacking Trojan and downloads additional malware onto the system while staffers are busy deciphering the bogus document. These attacks have been causing a stir since November, although analysts from Secureworks have traced the activity back to early 2016. In its preliminary report, the security firm revealed that this malicious campaign is still going on at full strength. Lazarus Group came under the public glare after the infamous 2014 Sony Pictures breach, an $81 million bank robbery in Bangladesh and the outbreak of the WannaCry ransomware.
“Our inference based on previous activity is that this is the goal of the attack, particularly in light of recent reporting from other sources that North Korea has an increased focus on bitcoin and obtaining bitcoin,” pointed out Rafe Pilling, the senior security researcher at Secureworks.
Researchers at Secureworks believe that the malware used in this campaign is a new form of Trojan which has been tailor-made for this type of attack. The malware shares certain basic elements with previous attacks launched by the Lazarus Group, such as its dependence on C2 protocol components for communicating with the command-and-control servers. This is the main reason the Secureworks Counter Threat Unit attributes these attacks to Lazarus and North Korea with such “high confidence.” Pilling told ZDNet that “The interesting thing here is that the technique and the tactics being used since last summer mark a change in the nature of the lure and the nature of the targeting. Previously, Lazarus used defence-themed lures to target defence organisations, but now they’re using bitcoin-themed lures to target financial companies.”
Bitcoin has set tongues wagging with its meteoric price hike, and North Korea does not seem to be an exception to this temptation. According to Secureworks, IP addresses belonging to North Korea have been found conducting crypto-related research as far back as 2013, when Bitcoin was discussed only in hushed undertones by technical nerds. Experts believe that the hackers from North Korea will channel the stolen coins into funding their government, which has been experiencing tough times owing to stringent economic sanctions from global bodies. North Korean hackers have to date targeted four South Korean virtual currency exchanges by sending phishing emails. With the surging value of Bitcoin, North Korea is expected to step up its looting activities in the days to come.
NiceHash, a Bitcoin mining site, was robbed of 4700 bitcoins earlier this month, presently worth a whopping $83 million. The hackers stole the credentials of an employee after gaining remote access to one of the organisation’s computers. A strong, unique password and two-factor authentication are slowly becoming an absolute must for consumers who invest in bitcoins and hold virtual wallets, to protect themselves from rising cyber threats.