Tech 12 months ago

Cecille de Jesus

ALERT: North Korean hackers are circulating an MS Word document to steal from crypto workers

SecureWorks says the attack is “state-sponsored.”

Beware: even Word documents are not safe.

The same cyber crime group that shook the world with the infamous WannaCry ransomware is on to even more mischief. Information security firm SecureWorks reported that the Lazarus Group is now circulating a spear-phishing scam disguised as a job advert, targeting workers in the cryptocurrency industry. The campaign has been observed since last year, and attempts as recent as last month have also been seen.

The malware is being circulated through an email containing a fake job advert. A seemingly innocent Microsoft Word document attached to the email reportedly triggers the installation of a Remote Access Trojan (RAT), which runs inconspicuously in the background.


In an interview with Business Insider, SecureWorks senior security researcher Rafe Pilling said the malware first assesses whether a particular computer is worth pillaging, and only then may it download more malware to assist in its operations.

“The malware that’s downloaded is the first stage RAT that gives them basic systems survey capability and the ability to download further malware if they find they’ve landed an interesting target,” Pilling said.

It is unclear whether the malware has claimed any victims and, if so, how much damage has been done. But SecureWorks says the operation is a big one:

“There’s a significant capability behind this threat actor — we’re not talking about five people in a room.”

Pilling believes the campaign was backed by the government, since such operations would be practically impossible in tightly controlled North Korea unless the government instigated them. The Lazarus Group has also previously been linked to the North Korean government’s operations.

“North Korea is perhaps unique in that there’s such tight control over all forms of communication,” Pilling said. “We don’t believe there’s anything other than state-organised cyber activity that comes out of that country. We would see it as having some degree of state direction or state approval.”


COMMENTS


Meltdown & Spectre: What you need to know as a crypto user

[…] This process of speculative execution won’t affect program behaviors, but the research team behind Google Project Zero suggests that it can modify the processor’s state. This modification can be seen by looking into the differences in duration between certain operations. By comparing the time between these operations, one process can derive properties of data belonging to another process. This kind of info can then be used to directly extract and deploy passwords stored in a browser. What’s more, because it’s already leaked, info accessed through this process can bypass existing protections such as address space layout randomization (ASLR), enabling JavaScript exploits using buffer overflows to perform better. The Meltdown & Spectre exploits may be initiated from remote or physical instances, compromising a computer’s memory architecture to access previously protected areas, while also decoding and reading privileged data without permission. This access to sensitive data embedded into a computer’s security provides leverage to a potential hacker, who may use the info extracted for financial gain, as is the case with recent hackings in the crypto sphere. […]


South Korean exchanges blame North Korea for recent crypto-heists

[…] a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system […]

