Researchers have identified a new attack named 'Hidden Risk', targeting cryptocurrency companies and linked to North Korea's Lazarus Group.
Phishing Emails and Advanced Malware Techniques
The 'Hidden Risk' campaign disguises phishing emails as notifications about new articles in the crypto field and updates on the DeFi market trends. These fake emails, seemingly from legitimate organizations, urge victims to click on links promising PDFs, but instead, they install malware on macOS computers. This malware uses valid Apple Developer IDs to bypass the Gatekeeper system, allowing it to persistently run in the background and create hidden connections to North Korean servers.
Vulnerabilities in Blockchain Platforms
The BlueNoroff group, part of the Lazarus Group, has earned credit for stealing millions of dollars to fund North Korea's programs by exploiting vulnerabilities in decentralized financial platforms and the blockchain industry as a whole. In response, the FBI issued warnings asking financial companies to remain alert to phishing and social engineering from North Korean cyber actors, particularly in the DeFi and ETF sectors.
Conclusions and Increasing Threats
The 'Hidden Risk' attack highlights the necessity of bolstering cybersecurity in the crypto industry. North Korean hackers' continually improving skills pose a serious threat, and organizations should constantly refine their protective systems to counter phishing attacks and social engineering.
The 'Hidden Risk' campaign serves as a warning for the crypto industry to reinforce defenses against increasingly sophisticated cyber-attacks.
