Stratos Ally

North Korea Targets Crypto Firms with Advanced Hacking Techniques  


North Korean state-backed hackers are ramping up efforts to target cryptocurrency firms with an insidious new campaign, “Hidden Risk,” revealed in a recent SentinelLabs report. This operation is connected to BlueNoroff, a subgroup of the notorious Lazarus Group, known for cyber campaigns that fund North Korea’s nuclear ambitions.  

In the “Hidden Risk” campaign, hackers are moving beyond social media grooming, where they would build trust over time through platforms like LinkedIn. Instead, they are using phishing emails disguised as legitimate crypto news. These emails, presented as updates on Bitcoin prices or news on decentralized finance (DeFi) trends, urge recipients to open what appear to be PDF files. However, the links do not open news articles; instead, they download malware.  

Let us picture a scenario to understand this. You open your inbox and see an email with the subject, ‘Bitcoin Surge: What Investors Need to Know.’ Curious, you click on the attachment expecting market insights. The moment you click, the malware is implanted on your system. A single click on the attached file is all that is required. The infection is worrisome because it bypasses Apple’s built-in Gatekeeper security by using genuine Apple Developer IDs, which allows it to work stealthily.  

Once installed, the malware can continue to communicate with the hackers’ remote servers, potentially siphoning off critical data or funds from cryptocurrency firms. The attackers are also impersonating well-known scholars. They send messages that replicate actual research, like one about Bitcoin ETFs. These hackers make their tricks seem more believable by using real research names.  

The FBI has raised concern over increased risks to employees at DeFi and ETF firms, and experts advise macOS users to solidify their defenses, ensuring strict scrutiny over email content. The fast-growing, under-regulated crypto industry presents ripe opportunities for cybercriminals, and the “Hidden Risk” campaign is just one of many in North Korea’s expanding arsenal.  



