North Korean Hackers ‘Trying to Bait Crypto Users With Bogus Job Offers’

North Korea
Last updated:
Author
Author
Tim Alper
About Author

Tim Alper is a British journalist and features writer who has worked at Cryptonews.com since 2018. He has written for media outlets such as the BBC, the Guardian, and Chosun Ilbo. He has also worked...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Source: erllre/Adobe

North Korean hackers are trying to break into crypto accounts by sending bogus job offers, a security provider has claimed.

The claims were made in a post by Proofpoint, a California-based security provider, and reported by the South Korean media outlets KBS and TVChosun.

Proofpoint claimed that a group named TA444 was behind the latest hacking drive. It called TA444 “a North Korea-sponsored advanced persistent threat group” that is “likely tasked with generating revenue for the North Korean regime.”

And the provider claimed that while TA444 was “historically involved in the targeting of banks,” it has “more recently […] turned its attention to cryptocurrency.”

The provider also claimed that TA444 “mirrors” capitalist “startup culture” in “its devotion to the dollar and to the grind.”

This has reportedly seen the group target individuals with emails whose attachments are laced with malicious code that can eventually allow them to access crypto wallets.

Proofpoint gave what it stated were examples of this – showing screenshots of emails that featured PDF attachments referring to “salary adjustments.”

North Korean Hackers in ‘Large-scale’ Crypto Attack

Similar files seemingly offering paid employment are also common, the security firm added.

It stated:

“A444 has a complete marketing strategy to increase its chances of new […] revenue. It starts with crafting lure content. These can include analyses of cryptocurrency blockchains, job opportunities at prestigious firms, or salary adjustments.”

And, it added, TA444 has begun a “large-scale phishing attack” that targets the financial, education, government, and healthcare sectors in the United States and Canada.

The group reportedly started stepping up its offensive in December last year. And it has also allegedly been targeting potential victims on social media platforms like LinkedIn.

While reports of TA444’s involvement are a relatively new development, security experts have been accusing North Korea of similar tactics since at least 2020. They claim that groups such as Lazarus have attempted to bait individuals with complex phishing attacks that make use of “fake” LinkedIn accounts.

TVChosun quoted Hong Min, the head of the North Korean Research Office at South Korea’s Institute for National Unification, as stating “the easiest and most sustainable [way for North Korea to raise funds] is hacking and stealing funds through the internet.”

More Articles

DeFi News
SEC Charges DCG and Genesis, Fines $38M for Misleading Investors
Hassan Shittu
Hassan Shittu
2025-01-17 23:52:07
Bitcoin News
Wyoming and Massachusetts Propose Strategic Bitcoin Reserve Legislation
Hassan Shittu
Hassan Shittu
2025-01-17 22:13:33
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors