North Korean cyber attacks on Brazilian fintech companies exposed
Google Cloud's Threat Intelligence Unit has confirmed that North Korean government-sponsored cyber attackers are actively targeting Brazilian cryptocurrency exchanges and fintech companies.
A June 13 Google threat intelligence report highlighted coordinated attempts to hack, extort and defraud Brazilian individuals and organizations.
While North Korean groups mainly target cryptocurrency companies, aerospace and defense, and government entities, Chinese state-backed cybercriminals in Brazil prefer to target only government organizations and the energy sector.
The conspiracy behind the cyber attack in Brazil
The notorious North Korean cybercriminal group Pukchong (also tracked as UNC4899) has targeted Brazilian citizens and organizations with job-themed lures, tricking unsuspecting job seekers into downloading malware onto their systems. According to the report:
“The project was a trojanized Python application to extract cryptocurrency values that was modified to access an attacker-controlled domain to generate a secondary payment if certain conditions were met.”
Similar malware attacks by GoPix and URSA have been found actively targeting Brazilian crypto companies.
Cross-border attacks
Recently, crypto wallet provider Trust Wallet asked Apple users to disable iMessage, citing “trusted intel” about a zero-day exploit that could allow hackers to take control of users' phones.
A zero-day exploit is a cyber attack vector that exploits an unknown or unpatched security flaw in computer software, hardware, or firmware.
Cybersecurity company Kaspersky recently reported that North Korean hacking group Kimsuky used an “amazing” new malware variant dubbed “Durian” to attack South Korean crypto companies.
“Durian boasts comprehensive background functionality that enables the execution of sent commands, additional file downloads, and file scanning,” writes Kaspersky.
Additionally, Kaspersky said LazyLoad was used by Andariel, a sub-group within the same North Korean hacking syndicate, Lazarus Group, suggesting a “troublesome” relationship between Kimsuky and the well-known hacking group.