North Korean hackers are trying to break into crypto accounts by sending bogus job offers, a security provider has claimed.
The claims were made in a post by Proofpoint, a California-based security provider, and reported by the South Korean media outlets KBS and TVChosun.
Proofpoint claimed that a group named TA444 was behind the latest hacking drive. It called TA444 “a North Korea-sponsored advanced persistent threat group” that is “likely tasked with generating revenue for the North Korean regime.”
And the provider claimed that while TA444 was “historically involved in the targeting of banks,” it has “more recently [...] turned its attention to cryptocurrency.”
The provider also claimed that TA444 “mirrors” capitalist “startup culture” in “its devotion to the dollar and to the grind.”
This has reportedly seen the group target individuals with emails whose attachments are laced with malicious code that can eventually allow them to access crypto wallets.
Proofpoint gave what it stated were examples of this – showing screenshots of emails that featured PDF attachments referring to “salary adjustments.”
Similar files seemingly offering paid employment are also common, the security firm added.
“A444 has a complete marketing strategy to increase its chances of new [...] revenue. It starts with crafting lure content. These can include analyses of cryptocurrency blockchains, job opportunities at prestigious firms, or salary adjustments.”
And, it added, TA444 has begun a “large-scale phishing attack” that targets the financial, education, government, and healthcare sectors in the United States and Canada.
The group reportedly started stepping up its offensive in December last year. And it has also allegedly been targetingRead more on cryptonews.com