The ridiculously high value of Bitcoin has done more than attract attention from potential investors. It would appear that cybercriminals are now targeting digital wallets in order to steal cryptocurrency, with the mysterious Lazarus group at the centre of suspicion.
Lazarus has been associated with several high-profile cyberattacks over the past few years. These include shutting down Sony Pictures for several weeks, as well as stealing $81 million from the Central Bank of Bangladesh. Crucially, the group has been linked to North Korean cyberwarfare efforts.
Security company Secureworks has been monitoring a spearphishing campaign aimed at those who own cryptocurrency. The email claims to be a job listing for the position of chief financial officer at a London-based cryptocurrency company. As is usually the case, the provided link installs malware that allows the attackers to gain control over the infected computer.
North Korea has been interested in cryptocurrency since it started becoming popular. The anonymous nature of the wallets allows it to move funds and circumvent international sanctions. Of course, simply buying Bitcoin would raise too many red flags, hence the theft of the currency.
The country is already suspected of several attacks on Bitcoin exchanges in South Korea.
Secureworks believes that this campaign has been going on since 2016, despite the most recent phishing emails being delivered in October 2017. The efforts of the cybercriminals are still believed to be ongoing, and people are advised to be careful with their online activities.