- North Korean hackers, linked to the BlueNoroff subgroup of the Lazarus Group, have launched a new ‘Hidden Risk’ campaign targeting crypto firms through phishing emails.
- The malware used in this campaign is signed with a valid Apple Developer ID, so it passes macOS’s Gatekeeper checks instead of being blocked by them.
North Korean hackers have launched a fresh wave of cyberattacks against cryptocurrency firms, using a new approach that swaps social media grooming for phishing emails, cybersecurity firm SentinelLabs reported. Dubbed the ‘Hidden Risk’ campaign, this latest operation involves malware concealed as legitimate documents to breach crypto companies’ defenses.
SentinelLabs traced these attacks to BlueNoroff, a subgroup within the infamous Lazarus Group, which has a long history of cybercriminal activities aimed at funding North Korea’s nuclear program. Known for stealing millions, this hacking group now seeks to exploit the booming $2.6 trillion crypto industry’s decentralized and relatively unregulated nature.
The FBI has also warned about increasing threats from North Korean cyber actors, highlighting their sophisticated social engineering campaigns targeting employees of DeFi and ETF firms. The ‘Hidden Risk’ campaign appears to extend these efforts, specifically focusing on breaching crypto exchanges and financial platforms.
Instead of the traditional strategy of cultivating relationships with potential victims over social media platforms like LinkedIn or Twitter, these hackers now rely on phishing emails disguised as crypto news alerts. According to SentinelLabs, the phishing emails, which first appeared in July, lure recipients with topics like Bitcoin price updates or DeFi trends.
When a recipient opens the link, it delivers a malicious macOS application. Because the app is signed with a genuine Apple Developer ID, Gatekeeper treats it as trusted software and lets it run; the signature proves only that Apple issued the certificate, not that the application is safe.
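As an added illustration (this is example code, not from SentinelLabs or the article), the following Python script shows the check a practitioner would want after reading the above: it parses the output of Apple’s `codesign -dv --verbose=4` and refuses any bundle whose Team ID is not on an organisation-specific allowlist, since a valid Developer ID signature on its own only shows that Apple issued a certificate to some developer. The allowlist, bundle names and Team IDs are made up, and the embedded codesign output is constructed to match the tool’s format.

```python
"""Audit a macOS app bundle's code signature against a Team ID allowlist.

Added example, not code from the article or from SentinelLabs. Runs the real
`codesign` tool on macOS; the parsing and policy logic runs anywhere.
"""
import re
import subprocess
from dataclasses import dataclass, field

# Hypothetical allowlist of Team IDs the organisation actually deploys.
ALLOWED_TEAM_IDS = {"ABCDE12345"}


@dataclass
class SignatureInfo:
    identifier: str = ""
    team_id: str = ""
    authorities: list = field(default_factory=list)  # leaf certificate first
    hardened_runtime: bool = False


def parse_codesign_output(text: str) -> SignatureInfo:
    """Extract the fields of interest from `codesign -dv --verbose=4` output.

    codesign prints key=value lines to stderr; Authority= repeats once per
    certificate in the chain, leaf first. Unsigned bundles print no such lines.
    """
    info = SignatureInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = value
        elif key == "Authority":
            info.authorities.append(value)
        elif key.startswith("CodeDirectory"):
            # e.g. "flags=0x10000(runtime)" marks the hardened runtime
            m = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", value)
            if m:
                info.hardened_runtime = "runtime" in m.group(1).split(",")
    return info


def is_developer_id_signed(info: SignatureInfo) -> bool:
    """True when the leaf certificate is an Apple Developer ID Application cert."""
    return bool(info.authorities) and info.authorities[0].startswith(
        "Developer ID Application:"
    )


def assess(info: SignatureInfo, allowed=ALLOWED_TEAM_IDS) -> tuple:
    """Return (verdict, reason). A Developer ID signature alone is not enough:
    the Team ID must also be one the organisation expects."""
    if not info.authorities:
        return ("block", "unsigned or ad-hoc signed bundle")
    if not is_developer_id_signed(info):
        return ("block", "leaf certificate is not Developer ID: " + info.authorities[0])
    if info.team_id not in allowed:
        return ("block", "Team ID %s not in allowlist" % info.team_id)
    return ("allow", "Team ID %s is allowlisted" % info.team_id)


def audit_bundle(app_path: str) -> tuple:
    """Run codesign on a real bundle (macOS only) and assess the result."""
    proc = subprocess.run(
        ["codesign", "-dv", "--verbose=4", app_path], capture_output=True, text=True
    )
    return assess(parse_codesign_output(proc.stdout + proc.stderr))


# Constructed sample outputs in codesign's format; names and Team IDs are invented.
SAMPLE_ALLOWED = """Executable=/Applications/NewsReader.app/Contents/MacOS/NewsReader
Identifier=com.example.newsreader
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
Sealed Resources version=2 rules=13 files=4
"""

# Validly signed with a Developer ID, but by a Team ID nobody in the org expects.
SAMPLE_UNKNOWN_DEV = SAMPLE_ALLOWED.replace("Example Corp (ABCDE12345)",
                                            "Unknown Dev (ZZZZZ99999)") \
                                   .replace("TeamIdentifier=ABCDE12345",
                                            "TeamIdentifier=ZZZZZ99999")

SAMPLE_ADHOC = """Executable=/tmp/crypto_update.app/Contents/MacOS/crypto_update
Identifier=crypto_update
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20400 size=500 flags=0x2(adhoc) hashes=10+2 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

if __name__ == "__main__":
    for name, sample in (("allowed", SAMPLE_ALLOWED),
                         ("unknown dev", SAMPLE_UNKNOWN_DEV),
                         ("ad-hoc", SAMPLE_ADHOC)):
        print(name, assess(parse_codesign_output(sample)))
```

The middle sample is the case this campaign relies on: Gatekeeper would accept it, because the Developer ID chain is valid, yet the allowlist check blocks it. In practice pair this with `spctl --assess --type execute` so that a certificate Apple has since revoked is also caught.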
SentinelLabs advises macOS users, especially within organizations, to harden their endpoints and to stay alert to this kind of phishing.
Edited by Harshajit Sarmah