‘North Korean’ Hackers Target Crypto Exchanges, Spread Viruses in Word Doc

North Korean hackers are “using fake job offer emails to dupe crypto exchange employees,” warned security experts – and Pyongyang-aligned cyber-terrorists are causing “damage” by circulating “malware-ridden MS Word documents” south of the 38th Parallel.

Gina Kim, an IT security professional based in Seoul, South Korea, told Cryptonews.com,

“Although I can’t say for sure that they come from North Korea, malicious actors with impeccable Korean language skills are certainly now targeting employees at South Korean financial institutions including crypto exchanges with what look like bona fide job offers. The idea is to build up trust and eventually to get staff members to open malware-infested documents or apps on work computers. The days of the easy-to-spot spam email are dead.”

Per News1, security firms have unearthed evidence of Pyongyang-based campaigns that target government bodies, financial institutions, crypto exchanges and more.

The Security Response Center of South Korean security provider AhnLab said that a “suspected North Korean hacker group” named Kimsuki, has recently launched a cyberattack campaign on a number of South Korean targets using what appears to be a normal-looking Word document.

The innocuous-looking document email was circulated by email, reaching government offices that deal with North Korea-related affairs, universities and more, and ostensibly contained North Korea-related information.

However, the document was laced with malicious code that compromised devices and networks of the companies where it was opened.

The media outlet also stated that F-Secure, a firm that recently claimed bogus job offers have become a new way to compromise trading platform staff, said it has evidence that the notorious Lazarus group is behind the attacks.

Lazarus is the North Korean hacker group believed to be behind the WannaCry ransomware attacks of 2018.

The media outlet quoted Matt Lawrence, F-Secure’s Global Lead for Incident Response, as stating,

“We have found similarities between these [recent cyberattacks] and previous Lazarus attacks. We are convinced that Lazarus is behind the latest cyberattacks because of these similarities.”

F-Secure claimed last month that Lazarus has this year launched a spate of spear-phishing attacks using platforms like LinkedIn, with bogus job offers to crypto exchange employees in over a dozen nations.
__
Learn more:
UN: North Korea Turns Talented Children into Cryptocurrency Hackers
Small Crypto Exchanges ‘Low-hanging Fruit’ for North Korean Hackers