
It’s not a group of 1980s rappers, it’s North Korea’s second most notorious hacking gang.
A group of North Korean hackers is engaged in a massive campaign targeting U.S. financial institutions and cryptocurrency exchanges around the world — with US authorities warning of the high level of threat it poses to the country.
According to an alert issued by the U.S. Department of Homeland Security (DHS), agencies including the FBI, the U.S. Cyber Command, and the Department of the Treasury are monitoring the resurgence of the North Korea-sponsored hacking group, BeagleBoyz.
The hackers have not been as active in the last few years as the notorious Lazarus Group – another hacking group from the hermit regime. However, they are reportedly responsible for stealing $2 billion since at least 2015, mostly related to “lucrative cryptocurrency thefts,” said the US DHS.
The group appears to have restructured its team earlier this year, according to the latest findings, and has developed new “irreversible methods of theft” to target crypto exchanges.
Malware that the BeagleBoyz plan to use includes COPPERHEDGE – a remote access tool employed by sophisticated threat groups to target crypto exchanges. The tool can run commands on compromised systems and exfiltrate stolen data.
Speaking with Cointelegraph, Erich Kron, security awareness advocate at cybersecurity firm KnowBe4, said the group was well organized and targeted ATMs as well as exchanges.
“The ATM cash out schemes are interesting, as they are often well organized and can include many accomplices around the world working together to make large withdrawals simultaneously,” he said. In contrast, delivering malware to exchanges was usually pretty basic, he said:
“The use of phishing emails and LinkedIn connections demonstrate how the initial attacks are often done using low-tech social engineering schemes, then move into more high-tech techniques once in the network.”
According to a report released by the Finnish cybersecurity and privacy firm, F-Secure, the latest Lazarus Group attack was made through a crypto-related job advert on LinkedIn.
Their investigation indicated that an individual working in the blockchain space received a phishing message that mimicked a legitimate blockchain job listing.
Source: CoinTelegraph

