US warns of resurgence of North Korea’s BeagleBoyz hacking gang

Published at: Aug. 28, 2020

A group of North Korean hackers is engaged in a massive campaign targeting U.S. financial institutions and cryptocurrency exchanges around the world — with U.S. authorities warning of the high level of threat it poses to the country.

According to an alert issued by the U.S. Department of Homeland Security (DHS), agencies including the FBI, U.S. Cyber Command and the Department of the Treasury are monitoring the resurgence of the North Korea-sponsored hacking group BeagleBoyz.

The group has not been as visible in the last few years as the notorious Lazarus Group, another state-sponsored hacking group from the hermit regime. However, according to the DHS alert, the BeagleBoyz have attempted to steal some $2 billion since at least 2015, much of it through "lucrative cryptocurrency thefts."

The group appears to have restructured its team earlier this year, according to the latest findings, and has developed new "irreversible methods of theft" aimed at crypto exchanges.

Malware used by the BeagleBoyz includes COPPERHEDGE, a remote access tool (RAT) that the alert describes as being employed by sophisticated threat groups to target cryptocurrency exchanges. The tool can run commands on compromised systems and exfiltrate stolen data.

Speaking with Cointelegraph, Erich Kron, security awareness advocate at cybersecurity firm KnowBe4, said the group was well organized and targeted ATMs as well as exchanges.

“The ATM cash out schemes are interesting, as they are often well organized and can include many accomplices around the world working together to make large withdrawals simultaneously,” he said. In contrast, delivering malware to exchanges was usually pretty basic, he said:

“The use of phishing emails and LinkedIn connections demonstrates how the initial attacks are often done using low-tech social engineering schemes, then move into more high-tech techniques once in the network.”

According to a report released by the Finnish cybersecurity and privacy firm F-Secure, the most recent Lazarus Group attack was delivered through a crypto-related job advert on LinkedIn.

Their investigation indicated that an individual working in the blockchain space received a phishing message that mimicked a legitimate blockchain job listing.
