North Korean cryptocurrency hackers expand target list

North Korean cryptocurrency hackers expand target list | CyberScoop Skip to main content Advertisement Advertisement

Subscribe to our weekly newsletter.

Subscribe Close Researchers say that a North Korean hacking group known for cryptocurrency heists is widening its aim (Getty Images)

North Korean hackers known for cryptocurrency heists are expanding their targets to include education, government and healthcare, according to researchers tracking the group. The activity could be a sign that the group, which is suspected in two high-profile cryptocurrency hacks in 2022, may have even bigger plans for 2023.

Researchers at the cybersecurity firm Proofpoint observed in early December a massive wave of phishing emails from a cluster of North Korea-related hacking activity linked to TA444, the firm’s name for the group. The latest campaign, which blasted more emails than researchers attributed to that group in all of 2022, tried to entice users to click a URL that redirected to a credential harvesting page.

Proofpoint could not disclose the specifics about targets for confidentiality reasons, but most related to finance in some way. Documents attached in the emails included titles like “Profit and Loss,” “Invoice and statement receipts” and “Salary adjustments.” The malicious emails also included lures mentioning “analyses of cryptocurrency blockchains, job opportunities at prestigious firms, or salary adjustments” according to the report. To help avoid phishing detection tools, TA444

Read more

Explore the site

More from the blog

Latest News