As cryptocurrency prices continue to increase, digital funds are attracting the attention of investors and cybercriminals alike. According to cybersecurity firm Secureworks, the latter category includes The Lazarus Group, the notorious North Korea-linked hackers behind the 2014 Sony Pictures hack, WannaCry ransomware, and the $80 million Bangladesh bank heist.
Secureworks said it had monitored a targeted spear phishing campaign that tried to trick employees at cryptocurrency firms into opening emails disguised as job adverts for a CFO role at a London company.
The email contained a Microsoft Word document, which, when opened, informed users they needed to enable editing. Doing so would allow a hidden macro to install a Remote Access Trojan that takes control of a victim’s PC. It also creates a separate decoy document with a description of the job opening, which seems to be based on the LinkedIn profile of an actual cryptocurrency firm’s CFO.
The similarities between this campaign and previous attacks by The Lazarus Group have led Secureworks to place the blame on the North Korean hackers with “high confidence.”
Attempts have been monitored as recently as November, with analysts noting activity as early as 2016. It’s unclear if any targets have fallen for the scam.
“Given the current rise in bitcoin prices, CTU suspects that North Korea’s interest in cryptocurrency remains high and (it) is likely continuing its activities surrounding the cryptocurrency,” Secureworks said in a statement to Reuters.
Separately, the BBC reports that North Korea stole $7 million worth of Bitcoins, now worth around $82.7 million, via a Bithumb employee’s home PC back in February. The hackers also demanded $5.5 million from Bithumb in exchange for deleting traders’ personal data.
South Korea recently announced that it aims to crack down on speculative investment and digital currencies being used in crimes through the introduction of strict cryptocurrency trading laws.