North Korean hacking groups have been tormenting the cryptocurrency industry for as long as the industry has existed. In recent times, the ongoing pandemic seems to have fuelled these attacks: over the past few months there have been multiple attacks that seem to have connections with some of the most notorious hacking groups in North Korea.
Recently, the U.S. Department of Homeland Security (DHS) agencies including the FBI, the U.S. Cyber Command, and the Department of the Treasury have issued a warning against a massive hacking campaign that is targeting U.S. financial institutions and cryptocurrency exchanges around the world.
According to the announcement, the authorities are monitoring the resurgence of the North Korean state-sponsored hacking group, BeagleBoyz. Hence, U.S. authorities are warning about the high level of threat this poses to the nation.
The group hasn’t been active over the past few years but was responsible for stealing at least $2 billion since 2015, mostly related to “lucrative cryptocurrency thefts,” said the U.S. DHS.
Per recent findings, the group seems to be back again and has developed new “irreversible methods of theft” to attack crypto exchanges.
The group is supposedly planning to use new malware that includes COPPERHEDGE – a remote access tool used in sophisticated attacks targeting crypto exchanges. The tool allows the attackers to run commands on infected systems and exfiltrate stolen data.
Erich Kron from cybersecurity firm KnowBe4 said that the group was well organized and even attacked ATMs alongside exchanges.
“The ATM cash out schemes are interesting, as they are often well organized and can include many accomplices around the world working together to make large withdrawals simultaneously.”
While delivering malware to crypto exchanges was more basic, he added:
“The use of phishing emails and LinkedIn connections demonstrates how the initial attacks are often done using low-tech social engineering schemes, then move into more high-tech techniques once in the network.”
Lazarus group is active
The report comes days after Finnish cybersecurity firm F-Secure discovered a new type of phishing attack that is also targeting crypto businesses all around the globe and was executed by the Lazarus group, another notorious hacking group from North Korea.
The group targeted crypto companies by sending system admins a malware-infected Microsoft Word document, designed to look like a job offer, in order to infect their computers.