North Korean threat actor targets cryptocurrency with new … – SiliconANGLE News

UPDATED 09:00 EST / JANUARY 25 2023
by Duncan Riley
A new report from Proofpoint Inc. today details a revamped state-sponsored North Korean threat actor that has been actively targeting cryptocurrency holders and exchanges using new methodologies.
Dubbed TA444, the group has been active since at least 2017 and in 2022 turned its attention to cryptocurrency. It has overlaps with public activity from groups that include APT38, Bluenoroff, BlackAlicanto, Stardust Chollima and COPERNICIUM, and it’s believed to be tasked with funneling funds to North Korea or its handlers abroad.
North Korean hacking groups are not new, but what makes TA444 interesting is that the group uses a wider variety of delivery methods and payloads than previously seen. The group also uses blockchain-related lures, fake job opportunities at prestigious firms and salary adjustments to trap victims.
When first spotted taking an interest in blockchain and cryptocurrency, TA444 used two attack vectors for initial access: an LNK-oriented delivery chain and a chain beginning with documents using remote templates. The campaigns were typically referred to as DangerousPassword, CryptoCore or SnatchCrypto.
More recently, TA444 has continued to use both methods but has diversified into other methods for initial access. Despite not having used them in previous campaigns, TA444 started using macros in the fall, attempting to find additional file types to stuff its payloads into.
While jokingly suggesting that TA444 may have held a hackathon to develop new hacking ideas, the researchers also note that the lack of a consistent payload at the end of the delivery chains is as surprising as the variance in delivery methods.
Traditionally, when financially oriented threat actors test delivery methods, which is what TA444 appears to be doing, they usually deliver consistent payloads. That is not the case with TA444, which uses different payloads, suggesting that it has an embedded, or even a devoted, development team designing new forms of malware.
“With a startup mentality and a passion for cryptocurrency, TA444 spearheads North Korea’s cashflow generation for the regime by bringing in launderable funds,” Greg Lesnewich, senior threat researcher at Proofpoint, told SiliconANGLE. “This threat actor rapidly ideates new attack methods while embracing social media as part of their MO.”
Lesnewich warns that TA444 has taken “its focus on cryptocurrencies to a new level and has taken to mimicking the cybercrime ecosystem by testing a variety of infection chains to help expand its revenue streams.”