"Do Not Open Recruitment and Salary Adjustment Emails"… US Security Firm Warns of North Korean Hacker Tactics

[Asia Economy Reporter Kwon Haeyoung] An analysis by a U.S. security firm revealed that North Korean hacker groups are using tactics such as sending emails with 'job offers' or 'salary adjustments' to steal cryptocurrency.


According to major foreign media on the 25th (local time), U.S. information technology (IT) security firm Proofpoint recently released a report containing these details.


The report introduced various methods used by North Korean hackers to steal cryptocurrency. According to Proofpoint, the North Korean hacker group TA444 launched a large-scale phishing attack targeting the financial, education, government, and healthcare sectors in the U.S. and Canada in December last year.


TA444, which overlaps with the well-known North Korean hacking group Lazarus, used different tactics to obtain users' passwords and login information. Moving away from its previous method of directly distributing malicious programs, the group used emails designed to evade phishing filters and approached targets with content such as job offers or salary adjustments. It also relied on the social networking service LinkedIn to contact users.


Proofpoint found that the number of spam emails TA444 sent in December last year was nearly twice the number it sent throughout the entire previous year. The report estimated that this group stole cryptocurrency assets worth nearly $400 million (about 490 billion KRW) in 2021 and accumulated over $1 billion (about 1.24 trillion KRW) last year.


Under strong international sanctions, North Korea is turning to cybercrime such as hacking to earn foreign currency. According to the U.S. Federal Bureau of Investigation (FBI), North Korean-linked hacking groups Lazarus and APT38 stole $100 million (about 120 billion KRW) in cryptocurrency from a U.S. blockchain company last year.


Greg Lesnewich, senior researcher at Proofpoint, analyzed, "TA444 has a startup mindset" and "is testing various (malware) infections that help with hacking." He added, "They quickly devise new attack methods using social media," and "TA444 is bringing in launderable funds and leading North Korea's cash supply."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

