North Korea Is Targeting Crypto Users with Spear-Phishing Attacks, Says UN
Per Newsis and SBS, the UN says that it has seen evidence that Pyongyang-linked hackers and state-sponsored crypto thieves are “primarily using social media platforms to identify targets and attempt initial contact” with crypto holders.
Rather than spamming a broad range of targets with generic emails that invariably end up in junk folders, the UN says the North is posing as trusted senders and going after well-researched targets with a clear interest in crypto.
The report also specified that the attackers were using bona fide-looking links to what appeared to be breaking news stories about crypto to divert users onto sites where they attempted to harvest private and sensitive data.
Gina Kim, a Seoul-based IT security expert, told Cryptonews.com that tracing attacks back to Pyongyang was not always easy, but noted that “spear- and voice-phishing attacks are undoubtedly on the rise” in South Korea, and likely originated abroad in many instances. She explained:
“The most common way to target crypto users now appears to be to call or email unsuspecting account holders and claim to be an official from a bank or a crypto exchange.”
As there are only three banks and four crypto exchanges in the crypto space, and many users have accounts at multiple exchanges, this approach is quite often successful in finding targets, Kim stated. She said:
“Attackers look to panic people by telling them someone has accessed their account and is trying to drain it of funds. In that panicked state, some [South Koreans] have been duped into handing over login details and passwords.”
The UN also claimed that the North has been targeting the makers of coronavirus vaccines in a separate spate of attacks.
It added that Pyongyang has “maintained its nuclear and missile development program” in spite of the pandemic, which many international observers have claimed likely took a devastating toll on the country.
Back to the list