Cyber criminals linked to the North Korean government are attempting to steal bitcoin from banks and cryptocurrency owners, security researchers has revealed.
McAfee analysts have identified a new phishing campaign, dubbed HaoBao, which is believed to be the continuation of an existing attack by the notorious Lazarus Group.
In the new campaign, Lazarus hackers pose as recruiters and encourage targets to open attachments that scan for bitcoin activity and establish an implant for data-gathering.
“On January 15, McAfee ATR discovered a malicious document masquerading as a job recruitment for a Business Development Executive located in Hong Kong for a large multi-national bank,” the analysts said.
“This is the mark of a new campaign, though it utilizes techniques, tactics and procedures observed in 2017,” they added.
Their phishing campaign lured victims into downloading malware that masquerades as an ad for a CFO role at a London-headquartered cryptocurrency firm.
Lazarus hackers shot to prominence in 2014 when they crippled Sony Pictures’ computer network ahead of the release of The Interview, a satire on the leadership of the North Korean government. They have since been linked to the WannaCry ransomware attack that paralysed the NHS and thousands more organisations in May.