North Korean Hackers to Launch a Global COVID-19 Phishing Campaign

Published at: June 19, 2020

A study by cybersecurity vendor, Cyfirma, warned about a massive phishing campaign that will be launched by the North Korean hacker group, Lazarus, on June 21. The campaign will allegedly target six nations and over 5 million businesses and individuals.

According to the report published on June 18, Lazarus will subject Singapore, Japan, India, the United Kingdom, South Korea, and the United States to a massive phishing campaign. Hackers will reportedly attempt to take advantage of people receiving payments established by several countries in an attempt to mitigate the COVID-19 crisis.

A campaign to collect cryptocurrencies?

Lazarus seems to be impersonating government accounts using fake emails. They ask recipients to visit fraudulent websites which ask for money and save their personal data. In the past, the North Korean hackers have preferred to be paid in cryptocurrencies.

There are no additional details about the specific methods Lazarus group will use to gather money from their victims.

A Cyfirma’s spokesperson told Cointelegraph:

“On June 1, the platform picked up an early indicator from Korean-speaking community discussing a folder called ‘Health-Problem-2020’ and that was when we uncovered the entire campaign targeting the USA, UK, Japan, South Korea, India and Singapore. This global phishing campaign is well-planned across all fronts, leveraging social engineering to lure individuals and businesses into divulging personal and financial information. Citizens and business owners are in desperate need of these government fiscal support packages and chances of them falling prey to this phishing attack is very high.”

Governments already aware of the threat

The cybersecurity firm clarifies that they have not yet seen URLs for the phishing sites found in the email templates gathered during their research, but expect that such information will be revealed soon. They also state that the governments of the targeted countries have been warned about the upcoming Lazarus campaign.

Recently, North Korean leader, Kim Jong-un, reportedly encouraged Lazarus to steal cryptocurrencies like Bitcoin (BTC) using phishing scams. Sources indicate that the country has ramped up these efforts to prevent a financial meltdown during the COVID-19 crisis.

Tags
Related Posts
Revealed: How North Korean hackers launder stolen crypto
British multinational security company BAE Systems and the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, have published a report revealing how cybercriminals launder cryptocurrency. According to the study Follow the Money money laundering cases via crypto are still relatively small compared to the huge volumes of cash laundered through traditional methods like wire transfers. But there are some notable examples and the report goes in-depth into the money laundering methods employed by Lazarus Group, a well-known hacking gang sponsored by the North Korean regime. Lazarus typically steals the crypto funds from an exchange and then starts to pass transactions …
Technology / Sept. 4, 2020
Kim Jong Un May Be Using Stolen Crypto to Offset Economic Fallout
North Korean leader, Kim Jong-un, is reportedly backing a group of hackers. Their goal? Stealing cryptocurrencies like Bitcoin (BTC) using phishing scams. Sources indicate that the country has ramped up these efforts in an attempt to prevent a financial meltdown amid the COVID-19 crisis. A report published on May 13 by the U.K. Mirror claims that the Lazarus group, a hacking syndicate with alleged ties to the North Korean state, could be launching a cybercrime campaign of advanced persistent threat, or APT, attacks. Experts from Seoul-based firm, ESTsecurity, state that Lazarus is “increasingly engaging” in cybercrime activities in and out …
Bitcoin / May 14, 2020
North Korea’s Crypto Extortion Efforts Have Expanded Considerably in 2020
A group of hackers associated with the North Korean regime have kept their crypto extortion efforts alive in 2020. A group of North Korean hackers operating under the name “Lazarus” targeted several crypto exchanges last year, according to a report published by Chainalysis. One of the attacks involved the creation of a fake trading bot which was offered to employees of the DragonEx exchange. Findings show that in March 2019, the hackers stole approximately $7 million in various cryptocurrencies from the Singapore-based exchange. Cybersecurity vendor Cyfirma warned in June about a massive crypto phishing campaign that could be launched by …
Bitcoin / July 28, 2020
North Korean hackers stealing NFTs using nearly 500 phishing domains
Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …
Nft / Dec. 26, 2022
Reddit user warns of a copy & paste exploit that stole his crypto
A Reddit user operating under the name “seraf1990” warned of a copy & paste crypto scam that replaced a wallet address he copied from Coinbase with one belonging to scammers. According to seraf1990, he lost about $350 worth of Bitcoin (BTC) — money that he notes was meant to go towards his rent for next month. The post explains that seraf1990 was attempting to cash out some BTC by sending it from Binance to his account on Coinbase. After copying the exchange’s Bitcoin wallet address, he pasted it into the appropriate field back on Binance and completed the transaction “without …
Bitcoin / Aug. 26, 2020