North Korean Cybercriminals Target Brazilian Crypto Exchanges: Google Cloud Report
Summary:
Google Cloud's threat intelligence team reveals that North Korean government-backed cyber attackers are frequently targeting Brazil's cryptocurrency exchanges and fintech firms. The notorious North Korean cybercriminal group, Pukchong, is responsible for several attacks, manipulating job seekers into downloading harmful software. Similarly, crypto firms have been targeted by disruptive malware attacks conducted by GoPix and URSA. Furthermore, Trust Wallet and Kaspersky warn of new exploits and malware variants that could compromise users' control of their devices.
According to Google Cloud's threat intelligence team, Brazil’s cryptocurrency exchanges and fintech businesses are being actively pursued by cyber attackers linked to the North Korean government. In their report published on June 13, Google identified a series of efforts to defraud and extort Brazilian people and organizations. The intelligence was provided by Mandiant, a Google Cloud subsidiary.
These North Korean factions primarily focus on crypto enterprises; however, they also have interests in aerospace and defense as well as governmental entities. By comparison, cybercriminals associated with the Chinese government aim their attacks solely at Brazil's government bodies and the energy sector.
The report reveals that a notorious North Korean cybercriminal group, tracked as UNC4899 and also known as Pukchong, has lured Brazilian job seekers into downloading harmful software onto their systems via the job market. This particular campaign involved a trojanized Python application for tracking cryptocurrency prices, which could launch a second-stage payload from an attacker-controlled domain if certain conditions were met.
Crypto firms in Brazil have also been targeted by similarly disruptive malware attacks conducted by GoPix and URSA. To learn more about detecting crypto malware, refer to Cointelegraph’s comprehensive guide.
In related news, the parent company of the New York Stock Exchange was fined $10M by the SEC for not reporting a cyberattack.
In light of these cross-border attacks, Trust Wallet, a crypto wallet provider, recently asked iPhone users to turn off iMessage. The request was based on what the provider called 'credible intel' pointing to a possible zero-day exploit, an attack that leverages a previously unknown or unpatched security vulnerability in computer software or firmware and is capable of giving hackers control over users' mobile devices.
A newly discovered malware variant named "Durian" has been identified by cybersecurity company Kaspersky and is reportedly being used by the North Korean hacking group Kimsuky to target South Korean crypto firms. The all-in-one "backdoor" malware allows for the execution of commands, the download of additional files, and data extraction, Kaspersky revealed.
Additionally, Andariel, a sub-group of the infamous North Korean hacking consortium Lazarus Group, was reported to have used LazyLoad, hinting at a possible connection between Kimsuky and the Lazarus Group. For an in-depth analysis of the Lazarus Group’s preferred means of exploitation, consult our recent magazine article.
Published at: 6/13/2024 1:34:33 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.