North Korean hackers said to target crypto startups in months-long cybercrime campaign

A Thursday report from the Russian cybersecurity firm Kaspersky Labs identified North Korean hackers behind sophisticated phishing and social engineering attacks targeting cryptocurrency startups.

Kaspersky internally identified the North Korean hackers as BlueNoroff, a group that has stolen over $1.1 billion from financial institutions worldwide, according to the US Treasury Department. BlueNoroff is believed to be a part of Lazarus, a larger group of cybercriminals seeking to finance the North Korean government, which is hindered by international sanctions.

One scheme Kaspersky observed was BlueNoroff targeting successful crypto startups for social engineering and phishing attacks — identifying key people and conversations within the company to facilitate the attack. 

Another scheme involved BlueNoroff impersonating a person in the top management of Digital Currency Group (DCG), the crypto-focused firm that owns Grayscale Investments and media publication CoinDesk. BlueNoroff sent an email impersonating the DCG personnel to someone in the crypto startup in hopes that the target would click on an infected link, Kaspersky wrote in the report.

In addition to DCG, the hackers abused the names of 14 other companies in targeted phishing attacks. 

North Korean hackers stole nearly $400 million worth of digital assets in 2021 alone, an increase of 40% compared to the year prior, according to a report from the blockchain analytics firm Chainalysis.

AUTHOR

MK Manoylov is a former reporter at The Block.
