Cybersecurity firm SentinelLabs has identified a new malware campaign, which it has named Hidden Risk, run by the North Korean threat actor BlueNoroff (a subgroup of the Lazarus Group) and aimed at cryptocurrency businesses.
The campaign, first observed in October but possibly active since July, uses phishing emails with fabricated crypto news headlines to infiltrate organizations in the crypto industry, SentinelLabs said in a report released on Thursday.
The phishing emails contain links that appear to lead to PDFs with titles such as “Hidden Risk Behind New Surge of Bitcoin Price” and “Altcoin Season 2.0—The Hidden Gems to Watch,” but that actually deliver the malware; in the samples SentinelLabs analyzed, the download is a macOS application that opens a decoy PDF while installing a backdoor.
The attackers reportedly impersonated real people from unrelated industries, forwarding messages supposedly originating from well-known crypto social-media influencers. In one instance, the decoy document was a copy of a genuine research paper titled “Bitcoin ETF: Opportunities and Risks” by a University of Texas academic, originally hosted by the International Journal of Science and Research Archive (IJSRA).
Unlike BlueNoroff's earlier operations, the Hidden Risk campaign uses simpler phishing emails with no personal or context-specific details. The sender domain, kalpadvisory[.]com, has previously been associated with spam in Indian stock-market forums, according to SentinelLabs.
“While North Korean cyber actors have previously engaged in extensive target grooming on social media, this campaign adopts a more direct phishing strategy,” said SentinelLabs.
Researchers suggest that increased scrutiny of North Korean cyber activity may have made the social-media approach less effective, as targets in sectors such as decentralized finance (DeFi) and exchange-traded funds (ETFs) have become more aware of it. State-backed actors are, however, likely to run several approaches in parallel rather than abandon one for another.
The campaign demonstrates that the group can obtain valid Apple Developer ID (“identified developer”) accounts, get its malware notarized by Apple, and thereby bypass macOS protections such as Gatekeeper, SentinelLabs noted. The practical consequence is that a signed and notarized malicious app passes Gatekeeper's check and launches without the usual “unidentified developer” warning: a valid signature and notarization ticket mean only that Apple's automated scan found nothing objectionable, not that the software is trustworthy. Apple can revoke the abused certificate once the abuse is reported, after which the sample fails verification, but by then the targets have already been sent the lure. The firm urged macOS users, particularly within organizations, to harden their systems and stay alert to such threats.
The findings come after the U.S. Federal Bureau of Investigation warned that North Korean hackers are using sophisticated social engineering campaigns against cryptocurrency operations.
Vanessa has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.