Another North Korean cryptocurrency-related hack trick spotted
The natural reaction of a person who receives a letter with a job offer from a cryptocurrency company in London is to read the offer. Knowing this, North Korean hackers decided to pose as the chief financial officer of the company and sent an infected fake document, telling potential victims to enable content and editing because their version of Microsoft Word differed from the sender's. Bloomberg notes that most users would immediately realize they are being fooled, but some people may still fall for it.
The connection to cryptocurrencies goes beyond the hackers posing as a fintech company. According to experts from Secureworks, the malicious code in the infected document is similar to viruses attributed to the North Korean government-backed hacker team called Lazarus Group. The group is also responsible for the Sony Pictures Entertainment hack, carried out after the company decided to release a comedy about Kim Jong-un, and, of course, the WannaCry attack is their work too.
The WannaCry attack is by far one of the most infamous examples of how cryptocurrency can be used for malicious purposes: the software, which blocked users' files, demanded a ransom for them in bitcoins, and afterwards the hackers decided to convert the funds into Monero, an altcoin with some very good means of anonymization.