Cyber criminals linked to the North Korean government are attempting to steal bitcoin from executives in the cryptocurrency industry, according to new research.
Their phishing campaign, exposed by Secureworks, lures victims into downloading malware that masquerades as an ad for a CFO role at a London-headquartered cryptocurrency firm.
Once the malware – known as a remote access trojan – has been executed, it is able to download further viruses and steal data from the user’s computer.
“They will probably be looking to target bitcoin rich individuals and steal their wallets,” Rafe Pilling, a researcher at Secureworks, told NS Tech.
He added that it was likely that the Lazarus hackers thought to be behind the attack were working for the North Korean government.
“Unlike most countries in the world, communications in North Korea are very tightly controlled,” he said. “It’s hard to believe that anything happens that isn’t state-controlled.”
Pilling and his colleagues concluded that the campaign, which was analysed last month, was the continuation of activity first spotted in 2016. They do not know if any targets downloaded the malware.
“Given the current rise in bitcoin prices, [Secureworks] suspects that North Korea’s interest in cryptocurrency remains high and is likely continuing its activities surrounding the cryptocurrency,” the firm said in a statement.
Secureworks identified several parallels between the code used in this attack and previous campaigns operated by the Lazarus group.
Lazarus hackers shot to prominence in 2014 when they crippled Sony Pictures’ computer network ahead of the release of The Interview, a satire on the leadership of the North Korean government. They have since been linked to the WannaCry ransomware attack that paralysed the NHS and thousands more organisations in May.