Cryptocurrency, Fraud and Scams

Alleged Hackers from North Korea Installs Malware Thru MS Word

Buzz from experts has been going around to warn the public about “using fake job offer emails to dupe crypto exchange employees, ” allegedly set by North Korean hackers.

The malware reportedly created Pyongyang-based cyberterrorists for South Koreans, was hidden as malware in the most common work-office application: Microsoft Word.

According to an IT consultant based in Seoul, Gina Kim, there was a sure attack happening, but origins and culprits are yet to be determined.

“Although I can’t say for sure that they come from North Korea, malicious actors with impeccable Korean language skills are certainly now targeting employees at South Korean financial institutions including crypto exchanges with what look like bona fide job offers. The idea is to build up trust and eventually to get staff members to open malware-infested documents or apps on work computers. The days of the easy-to-spot spam email are dead,” she elaborated.

However, there were some security firms have unearthed evidence of North Korea campaigns that bull government bodies, financial institutions, crypto firms,

AHNLAB, the Security Response Center of South Korean security provider, confirmed that a “suspected North Korean hacker group” hidden as Kimsuki, has triggered a recent cyberattack campaign on several South Korean targets guise as a normal-looking Word document.

This file has reached government offices that operated and worked with North Korea-related affairs, universities, and more, and ostensibly contained North Korea-related information. When the user opened it, there would be subtle harm about to happen as it laced with malicious code that compromised devices and networks of the companies where it was opened.

As well, in recent new, F-Secure, a firm that recently claimed bogus job offers had become a new way to compromise trading platform staff, affirmed that it has proof against the Lazarus group who is the mastermind behind all these.

Matt Lawrence, F-Secure’s Global Lead for Incident Response, mentioned that “we have found similarities between these [recent cyberattacks] and previous Lazarus attacks. We are convinced that Lazarus is behind the latest cyberattacks because of these similarities.”

In recent times, Lazarus has surfaced to popularity as the North Korean hacker group believed to be behind the WannaCry ransomware attacks of 2018.

Leave a Comment

Leave a Reply