A group of North Korean hackers is involved in a massive campaign against American financial institutions and cryptocurrency exchanges around the world, and US authorities warn of the grave threat to the country.
According to a warning from the US Department of Homeland Security (DHS), agencies like the FBI, US Cyber Command and the Treasury Department discuss the resurgence of the North Korea-sponsored hacking group BeagleBoyz.
The hackers have not been as active in recent years as the infamous Lazarus Group, another group of hackers from the hermit regime. According to reports, however, they have been responsible for the theft of US$2 billion since at least 2015, mainly in connection with “lucrative crypto thefts,” the US DHS said.
Based on the latest findings, the group appears to have restructured its team earlier this year and developed new “irreversible theft methods” for exchanging cryptocurrencies.
The malware used by BeagleBoyz includes COPPERHEDGE, a remote access tool used by sophisticated threat groups to attack cryptocurrency exchanges. The tool can execute commands on compromised systems and exfiltrate stolen data.
In conversation with Cointelegraph, Erich Kron, a security awareness attorney at cybersecurity firm KnowBe4, said the group was well organized and focused on ATMs and exchanges.
“ATM withdrawal systems are interesting in that they are often well organized and can include many accomplices from around the world working together to make large withdrawals at the same time,” he said. In contrast, deploying malware for sharing used to be pretty straightforward, he said:
“The use of phishing emails and LinkedIn connections shows how early attacks are often carried out using low-tech social engineering schemes and then switched to high-tech techniques online.”
According to a report from the Finnish cybersecurity and data protection company F-Secure, the last attack by the Lazarus Group came via a cryptocurrency-related job posting on LinkedIn.
Their research revealed that a person working in the blockchain space received a phishing message impersonating a legitimate blockchain job listing.