North Korea Is Again on a Mission to Attack Crypto Companies


Hackers in North Korea have installed new code across a wide array of apps as a means of breaking into digital currency exchanges and related companies.

North Korea Is Up to Its Same Old Tricks

The nation has long played host to notorious hacking groups such as Lazarus, which continually seek new ways to obtain cryptocurrency illicitly through malware, cyberattacks, and related means in order to fund the nation’s ongoing nuclear program.

Thus far, North Korea has attacked a wide array of regions across the world including several Asian countries, European countries, and the U.S. It’s estimated that North Korea has made off with well over a billion dollars’ worth of digital currency to boost its nukes.

Researchers at Russian cybersecurity firm Kaspersky identified a small number of crypto-focused businesses and enterprises that fell victim to 3CX software supply-chain attacks, all of which unfolded during either early April or late March. While none of the companies have been named at the time of writing, Kaspersky has commented they’re all based in “western Asia.”

Georgy Kucherin – a researcher at Kaspersky – put out a statement following the attacks and his company’s research study. He said:

This was all just to compromise a small group of companies, maybe not just in cryptocurrency, but what we see is that one of the interests of the attackers is cryptocurrency companies. Cryptocurrency companies should be especially concerned about this attack because they are the likely targets, and they should scan their systems for further compromise.

The malware North Korea is using could affect as many as 600,000 separate businesses according to the research conducted by Kaspersky. Kucherin further said the cyberthreats emerging from North Korea are getting bigger and bigger. He commented:

This is becoming very common. During supply-chain attacks, the threat actor conducts reconnaissance on the victims, collecting information, then they filter out this information, selecting victims to deploy a second-stage malware.

The good news, he mentioned, is that many of the attacks (or attempted attacks, at least) have been relatively easy to spot. He says North Korea likes to think it can stay hidden in the shadows, but that at the end of the day, many of its methods come off as amateur. He said:

They tried to be stealthy, but they failed. Their first-stage implants were discovered.

It’s Not Just Crypto Companies in Danger

Despite this, Tom Hegel – a security researcher with SentinelOne – commented that it would be a mistake to assume only crypto companies have been targeted thus far, and that the cyberattacks still pose a danger because not all of them have been uncovered yet. He said:

The current theory at this point is that the attackers did initially target crypto firms to get into those high-value organizations.
