Rather than spamming a broad range of targets with generic emails that invariably end up in junk folders, the UN says the North is posing as trusted senders and going after well-researched targets with a clear interest in crypto.
The report also specified that the attackers were using bona fide-looking links to what appeared to be breaking news stories about crypto to divert users onto sites where they attempted to harvest private and sensitive data.
Gina Kim, a Seoul-based IT security expert, told Cryptonews.com that tracing attacks back to Pyongyang was not always easy, but noted that “spear- and voice-phishing attacks are undoubtedly on the rise” in South Korea, and likely originated abroad in many instances. She explained:
“The most common way to target crypto users now appears to be to call or email unsuspecting account holders and claim to be an official from a bank or a crypto exchange.”
As there are only three banks and four crypto exchanges in the crypto space, and many users have accounts at multiple exchanges, this approach is quite often successful in finding targets, Kim stated. She said:
“Attackers look to panic people by telling them someone has accessed their account and is trying to drain it of funds. In that panicked state, some [South Koreans] have been duped into handing over login details and passwords.”
The UN also claimed that the North has been targeting the makers of coronavirus vaccines in a separate spate of attacks.
It added that Pyongyang has “maintained its nuclear and missile development program” in spite of the pandemic, which many international observers have claimed likely took a devastating toll on the country.
___
Learn more:
- UN: North Korea Turns Talented Children into Cryptocurrency Hackers
- South Korean Politician: North Has Stolen USD 310M in Crypto Since 2019
- North Korean Crypto Hackers Now Target Russian Defense Firms
- ‘North Korean’ Hackers Target Crypto Exchanges, Spread Viruses in Word Doc