Tech 18 December 2017

Cecille de Jesus

ALERT: North Korean hackers are circulating an MS Word document to steal from crypto workers

SecureWorks says the attack is “state-sponsored.”

Beware: even Word documents are not safe.

The same cyber crime group that shook the world with the infamous WannaCry ransomware is on to even more mischief. Information security service firm SecureWorks reported that the Lazarus Group is now circulating a spearphishing scam disguised as a job advert targeting workers in the cryptocurrency industry. The attack has been observed since last year, but attempts as recent as last month have also been seen.

The malware is delivered through an email containing a fake job advert. A seemingly innocent Microsoft Word document attached to the email reportedly triggers the inconspicuous installation of a “Remote Access Trojan” (RAT) in the background.


In an interview with Business Insider, SecureWorks senior security researcher Rafe Pilling says the malware assesses whether a particular computer is worth pillaging before possibly downloading more malware to assist in its operations.

“The malware that’s downloaded is the first stage RAT that gives them basic systems survey capability and the ability to download further malware if they find they’ve landed an interesting target,” Pilling said.

It is unclear whether the malware has claimed any victims and, if so, how much damage it has caused. But SecureWorks says the operation is a big one:

“There’s a significant capability behind this threat actor — we’re not talking about five people in a room.”

Pilling believes the campaign was backed by the government, seeing as such operations in tightly controlled North Korea would be practically impossible—unless the government instigated them. The Lazarus Group has also previously been linked to the North Korean government’s operations.

“North Korea is perhaps unique in that there’s such tight control over all forms of communication,” Pilling said. “We don’t believe there’s anything that state organised cyber activity that comes out of that country. We would see it as having some degree of state direction or state approval.”
