In recent days, at least three founders of companies in the cryptocurrency sector have reported fraud attempts linked to alleged North Korean hackers. The cybercriminals reportedly tried to steal sensitive data through fake Zoom calls, using a sophisticated technique that exploits the psychology of victims.
The new North Korean hacker method: fake Zoom calls with technical problems
Nick Bax, a member of the ethical hacker group Security Alliance, reported the new attack method in a post on X (formerly Twitter) on March 11. According to Bax, this strategy has already led to the theft of millions of dollars by the fraudsters.
The modus operandi consists of contacting the victim with a meeting or collaboration proposal. Once the video call has started, the attackers send a message reporting audio problems, while a pre-recorded video of a pseudo-investor with an annoyed expression appears on the screen. At this point, a link to a new call is sent to the victim, with the explanation that it is needed to solve the technical problem.
However, the new link is actually disguised malware: it asks the user to install a fix to restore correct audio and video features. Bax underlines how this technique exploits the haste and psychological pressure of the moment:
“You think you are meeting important investors and try to solve the problem quickly, dropping your guard. But once the patch is installed, you are screwed up.”
Founders of cryptocurrency companies targeted by North Korean hackers
Following Bax's disclosure, several founders of companies in the blockchain sector shared similar experiences. Giulio Xiloyannis, co-founder of the gaming platform Currency Protocol, reported that he had almost fallen for the scam. According to reports, the hackers tried to deceive him and the marketing director with a partnership proposal. However, Xiloyannis sensed the deception when he was redirected at the last moment to a suspicious link, which claimed that audio could not be played in order to get him to download a dangerous file.
Another case involves David Zhang, co-founder of Stable, a startup dealing with stablecoins and backed by American venture capital. He too was contacted by the scammers, who initially used his personal Google Meet link. However, shortly afterwards, under the pretext of an internal meeting, they asked him to join another, fake video call.
Zhang, who answered the call on his tablet, thought that the hackers' malicious software was mainly designed for desktop operating systems, because he did not notice any obvious anomaly on his mobile device.
Another target of the attempted attack is Melbin Thomas, founder of the decentralized artificial intelligence platform Devdock AI, which specializes in web3 projects. After starting to install the infected file, Thomas managed to stop the process in time by not entering his password. As a precaution, he disconnected the laptop and restored the device to factory settings, but he remains unsure whether the files he transferred to an external hard drive were compromised.
The United States, Japan and South Korea raise the alarm over North Korean cyberattacks
These episodes are part of a broader context: the growing cyber threat from North Korean hacker groups. On January 14, the United States, Japan and South Korea published a joint statement warning of the danger posed by cybercriminals linked to North Korea, with particular attention to the cryptocurrency sector.
Among the most notorious hacker groups is the Lazarus Group, accused of being involved in some of the biggest thefts in the history of blockchain. The group is suspected of orchestrating attacks such as the one against Bybit, which led to the theft of $1.4 billion, and the one against the Ronin network, which saw the theft of $600 million.
After the many attacks, the Lazarus hackers moved stolen funds through mixing platforms, tools used to obscure the origin of cryptocurrencies. According to CertiK, a company specializing in blockchain security, the group recently deposited 400 Ethereum (ETH), worth about $750,000, into the mixing service Tornado Cash.
Conclusions: an increasing risk for the cryptocurrency world
The episodes reported by the founders of blockchain companies confirm that the hackers are steadily refining their techniques, exploiting the trust and haste of their victims. The growing frequency of these attacks is leading security experts to repeat the importance of adopting preventive measures, such as checking each link before clicking on it and avoiding installing files from unknown sources.
With the intensification of activity by groups like Lazarus, the cryptocurrency world must face an ever-increasing risk linked to cyberattacks. Collaboration between companies, security experts and governments will be fundamental to counter these threats and protect digital capital from increasingly sophisticated thefts.
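One way to apply the advice of checking each link before clicking, as an added example that is not part of the original article: a small Python check for a "new call" link received mid-meeting. The trusted domain list, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the conferencing domains your organisation actually uses.
TRUSTED_MEETING_DOMAINS = {"zoom.us", "meet.google.com", "teams.microsoft.com"}


def check_meeting_link(url):
    """Return (ok, reason) for a link offered as a replacement call."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    # "https://zoom.us@other.example/" really goes to other.example.
    if parts.username or parts.password:
        return False, "userinfo before '@' hides the real host"
    # Look-alike letters from other alphabets, raw or punycode-encoded.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host (possible look-alike)"
    # Exact match or a true subdomain only; "zoom.us.x.example" must fail.
    for domain in TRUSTED_MEETING_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host %r is not a trusted meeting domain" % host


# Constructed sample links; none of them comes from the reported incidents.
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.audio-fix.example/j/1234567890",
    "https://zoom.us@call-support.example/j/1234567890",
    "https://zo\u03bfm.us/j/1234567890",  # Greek omicron instead of 'o'
    "http://zoom.us/j/1234567890",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_meeting_link(sample)
        print("ALLOW" if ok else "BLOCK", sample, "-", reason)
```

A passing check only says the host is one you expect; any page that then asks you to install an audio or video "fix" should still be refused.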