According to a report by US-based cyber security firm SecureWorks, a hacker collective called Lazarus Group is believed to be conducting spearphishing attacks against people who work in the cryptocurrency industry in an attempt to steal Bitcoin.
The attacks arrive by email, luring victims with a CFO job at a Europe-based cryptocurrency company. The emails include a malicious Word file that requires the victim to allow edit permissions. In the background, it installs a trojan that lets the attackers control the victim’s machine remotely.
Lazarus Group is assumed to be associated with the North Korean government. The researchers, who track the group internally as NICKEL ACADEMY, have tied it to past attacks involving an $81 million bank robbery in Bangladesh and the cyber attack on Sony’s Hollywood studio in 2014.
The security firm’s researchers found that North Korea has been interested in Bitcoin since 2013. Back then, multiple usernames from a North Korean IP address were doing Bitcoin research while hiding behind proxy servers. Unfortunately for them, the proxy servers failed, revealing the actual originating IP.
The most recent attacks are known to have happened on October 25, but SecureWorks has observed similar activity as early as 2016. The firm believes that the spearphishing campaign is still ongoing, and future reports should provide a better picture of the situation.