Google Cloud’s threat intelligence division has uncovered that cyber attackers supported by the North Korean government are actively focusing on Brazil’s cryptocurrency exchanges and fintech companies. The report published on June 13 by Google’s threat intelligence team revealed organized efforts to hijack, extort, and deceive Brazilian individuals and organizations.
While North Korean groups concentrate mainly on cryptocurrency firms, aerospace and defense, and government entities, cyber criminals backed by the Chinese government focus only on government organizations and the energy sector in Brazil.
The strategy behind the cyberattacks in Brazil involves the notorious North Korean cybercriminal group Pukchong, also known as UNC4899, which has been targeting Brazilian citizens and organizations under the guise of job opportunities, deceiving unsuspecting job seekers into downloading malware onto their systems. The report also mentioned similar malware attacks carried out by GoPix and URSA, which have been actively targeting Brazilian cryptocurrency firms.
In addition to this, government-backed phishing attacks have been aimed at Brazil as well, as highlighted by Google Cloud.
Recently, Trust Wallet, a crypto wallet provider, advised Apple users to disable iMessage due to a zero-day exploit that could potentially allow hackers to take control of users’ phones.
A zero-day exploit is a type of cyberattack that takes advantage of a security vulnerability in computer software, hardware, or firmware that is unknown to the vendor or has not yet been patched.
Kaspersky, a cybersecurity firm, revealed that a North Korean hacking group called Kimsuky utilized a new malware variant named “Durian” to target South Korean cryptocurrency firms. Durian is equipped with a comprehensive backdoor functionality that enables the execution of commands, file downloads, and file exfiltration.
Furthermore, Kaspersky noted that LazyLoad, a tool seen alongside Durian, was also used by Andariel, a subgroup within the Lazarus Group, another North Korean hacking consortium. This suggests a potential connection between Kimsuky and the more infamous Lazarus Group.
For more insights into crypto malware and how to detect it, you can refer to Cointelegraph’s guide.