A London cryptocurrency firm has allegedly been hit by cyberattacks targeting bitcoin, launched by The Lazarus Group, the notorious cybercrime organisation thought to be directly linked to North Korea.
Employees have been directly targeted with spear-phishing attacks as the hackers attempted to steal bitcoin from the organisation. The bait used by the hackers was a fake Chief Financial Officer job posting at the targeted company.
Once the malicious payload within an attached Word document was triggered, a Remote Access Trojan (RAT) would be inconspicuously downloaded in the background, allowing the attacker to deploy further malware on demand.
Bitcoin has been a preferred target for North Korean hackers since 2013, according to evidence discovered by researchers at Secureworks, the same organisation that revealed the recent attack on the London cryptocurrency firm.
With bitcoin having recently achieved a new all-time high price as part of a steep price spike, bitcoin is more attractive to hackers than it ever has been, making cryptocurrency organisations prime targets. This incident will emphasise the importance of maintaining a heightened awareness of malicious cyber activity.
In line with this latest attack in the UK, similar attacks on South Korean bitcoin exchanges have also been identified recently and are thought to potentially have North Korean origins. North Korea has previously launched attacks on South Korea in pursuit of financial gain.
The Lazarus Group has been associated with other major, high-profile cyberattacks in recent years, including the WannaCry ransomware attack that inflicted significant damage on the NHS and the $81 million heist from Bangladesh Bank.
Eyal Benishti, CEO & Founder of IRONSCALES, said: “Criminals are increasingly looking to monetise their efforts and with the increase in Bitcoin value it’s not surprising that they’re after these targets. The challenge is that phishing campaigns are increasingly able to bypass legacy email filters and gateways. By adopting spoofing and impersonation techniques, and researching the target to make the lure both attractive and/or plausible – aka a new job, victims can be duped. The result is end users find it virtually impossible to identify phishing emails as they land in inboxes across the workforce, leaving them and the organisation exposed.
This incident also puts a focus on the threat posed by today’s phishing attacks. In the latest attack it is believed that reconnaissance was done in formulating the attack, an easy task that can lead to the production of a highly formidable attack that disarms the unsuspecting target.