North Korea Engaging in Cryptocurrency Phishing Attacks

In an effort to bolster their weak economy, the regime of North Korea is engaging in cryptocurrency phishing attacks through The Lazarus Group. It appears that bad boys will always continue to be bad boys. Just look at North Korea. The totalitarian, communist state has long used espionage attacks to harm their rivals (notably South […]
In an effort to bolster their weak economy, the regime of North Korea is engaging in cryptocurrency phishing attacks through The Lazarus Group. It appears that bad boys will always continue to be bad boys. Just look at North Korea. The totalitarian, communist state has long used espionage attacks to harm their rivals (notably South […]

In an effort to bolster their weak economy, the regime of North Korea is engaging in cryptocurrency phishing attacks through The Lazarus Group.


It appears that bad boys will always continue to be bad boys. Just look at North Korea. The totalitarian, communist state has long used espionage attacks to harm their rivals (notably South Korea and Japan) while also looking to gain technological, military, and political information. Now their attacks have been going after Bitcoin and other cryptocurrencies to help bring in some much needed money into the state’s empty coffers. Their latest attempt is that the country is using cryptocurrency phishing attacks to get their grubby mitts on some coins.

Heading Down to the Phishing Hole to Catch Some Coins

The phishing attacks by North Korea are targeting executives of cryptocurrency companies. As ZDNet reports, the attacks are being carried out by The Lazarus Group, a notorious hacker group that authorities believe to be strongly tied to the North Korean regime.

The Lazarus Group has committed some notable crimes, such as the WannaCry ransomware attacks, hacking Sony, and stealing $81 million through cyberspace from the Bangladesh Central Bank. Their latest scam is sending crypto executives an email about an open Chief Financial Officer position that contains an infected Microsoft Word document.

Don’t Open That Attachment!

One would hope that an executive for a cryptocurrency company would be savvy enough to not open an attachment from somebody that they don’t know. If a person opened the document attachment, it would trigger malware that would enable access to the victim’s computer.

The email tells the victim that they need to enable editing to see the document. If the user does so, then the malware fires up. As the victim reads a decoy document for the fake CFO position, whose information is stolen directly from a LinkedIn posting, a remote access trojan is installed. Access is then gained and the hackers can go to work.

Rafe Pilling, senior security researcher at Secureworks, says of these new phishing attacks:

The interesting thing here is that the technique and the tactics being used since last summer mark a change in the nature of the lure and the nature of the targeting. Previously, Lazarus used defence-themed lures to target defence organisations, but now they’re using bitcoin-themed lures to target financial companies.

There’s no word on if any of these phishing scams have been successful. The attacks started in late October and have been ongoing ever since.

North Korea has been pretty active over the last couple of years in going after Bitcoin and other cryptocurrencies. They’ve gone after several South Korean exchanges, and they’ve even gone heavily into Bitcoin mining. It’s no secret that North Korea needs money, and the meteoric rise of Bitcoin gives them something extremely valuable that they can steal online. As long as virtual currencies continue to gain in value, you can bet North Korea will keep doing their best to steal as much as they can.

What do you think about these cryptocurrency phishing attacks? Have you ever opened a document from an unknown person? Let us know in the comments below.


Images courtesy of Pixabay and Bitcoinist archives.