Crypto Threat Intel: North Korean hacking group is targeting crypto business employees
Cybersecurity is a pretty weird space – but something it’s really hot on is threat intelligence. And for good reason, because forewarned is forearmed, right?
If you know what hacking groups are most active right now, what techniques they’re known to use, and what sort of businesses they’re targeting, you can better prepare and protect yourself.
We’ve noticed that in the crypto space, threat intel isn’t shared in up-to-the-minute feeds of what’s out there right now. Rather, FUD-fuelled headlines of what’s already gone wrong seem to dominate.
What good is that to you and your business?
So, here’s your dose of threat intel to help put you on the front foot – so you don’t turn into another crypto hack headline.
North Korean APT hacking group, Lazarus, is currently targeting employees of blockchain and crypto businesses with spear-phishing campaigns aimed at stealing cryptocurrency.
Why does this matter to you?
Put simply, your employees could be targeted by Lazarus’ latest spear-phishing campaign. This puts your business at risk of having its crypto or its clients’ crypto stolen via malware.
Who is being targeted?
The campaign is targeting employees at cryptocurrency exchanges, Defi, play-to-earn cryptocurrency games, and crypto-coin trading companies, as well as VCs that invest in cryptocurrencies and individuals with significant amounts of NFTs.
How does it work?
Spear-phishing is a more targeted version of a phishing attack and is Lazarus’ modus operandi.
In this campaign, the target – an employee at a crypto business – is sent an email professing to be a recruitment effort. Lured by the high-paying jobs that are seemingly on offer, the target is tricked into downloading bogus applications claiming to be price-prediction and trading tools.
These applications contain malware, specifically a remote access trojan known as TraderTraitor which infects the target’s machine. In addition to stealing crypto, TraderTraitor can also steal data and system information.
Who is Lazarus?
Lazarus Group is a cybercrime organisation with links to North Korea. It’s an APT – an advanced persistent threat – and was recently revealed to be behind the Ronin exploitation that led to the theft of $600m in ETH and USD coins. So they’re not to be underestimated.
What can you do to protect your business?
It goes without saying, but good security hygiene should always be practiced, and your employees should be empowered to recognise, identify and flag suspicious emails.
But hackers are getting smarter; their whole raison d’être is to find ways to infiltrate networks and gain access to sensitive information or assets. Your people and their ability to recognise spear-phishing emails or malware-riddled apps should never be your only line of defence against them.
Luckily, there are more layers of protection you can put in place to offload your risk and reduce your exposure to the vast threat landscape.
Coincover’s Business Theft Protection technology prevents businesses from losing their crypto due to malicious activity. With a real-time in-flow response to transactions, you can determine whether they are safe and properly authorised before they’re added to the blockchain, giving you a vital defence against hacking and human error.
To find out more about how we can help you offload your risk, get in touch today.