A recent report from Google Cloud’s threat intelligence department has revealed that cyber attackers backed by the North Korean government are actively targeting cryptocurrency exchanges and fintech companies in Brazil. The report, released on June 13, highlighted coordinated efforts to hijack, extort, and defraud individuals and organizations in the country.
While North Korean groups focus on targeting cryptocurrency firms, aerospace and defense companies, and government entities, cyber criminals supported by the Chinese government prefer to attack government organizations and the energy sector in Brazil.
The North Korean cybercriminal group Pukchong, also known as UNC4899, has been targeting Brazilian citizens and organizations through deceptive job postings. They have been tricking unsuspecting job seekers into downloading malware onto their systems. Additionally, other groups like GoPix and URSA have been actively targeting Brazilian crypto firms with similar malware attacks.
In a related development, Trust Wallet, a crypto wallet provider, recently warned Apple users to disable iMessage due to credible intelligence about a zero-day exploit that could allow hackers to take control of users’ phones. A zero-day exploit is an attack method that takes advantage of an unknown or unpatched security vulnerability in computer software, hardware, or firmware.
Kaspersky, a cybersecurity firm, uncovered that the North Korean hacking group Kimsuky has been using a new malware variant called “Durian” to target South Korean crypto firms. Durian has comprehensive backdoor functionality that allows for the execution of commands, file downloads, and file exfiltration. Kaspersky also noted the use of LazyLoad by Andariel, a sub-group of the Lazarus Group, which has connections to Kimsuky.
Overall, the report highlights the increasing threat of cyberattacks targeting the cryptocurrency industry and the need for enhanced cybersecurity measures to protect individuals and organizations from malicious actors.