North Korean hackers deploy nearly 500 phishing domains to steal millions worth of NFTs
North Korean hackers are back in the spotlight, and this time it’s about the theft of non-fungible tokens (NFTs) worth millions of dollars.
A report by cybersecurity firm Slowmist uncovered a new tactic used by hackers linked to North Korea’s Lazarus Group. These Advanced Persistent Threat (APT) groups have been discovered using fake websites to steal digital collectibles from unsuspecting investors.
The hackers use decoy websites impersonating leading NFT platforms such as OpenSea, Rarible, and even projects related to the FIFA World Cup, according to the report. The bad actors used nearly 500 phishing sites, the earliest of which was recorded in May, and in seven months stole over $10 million worth of NFTs.
One phishing site made a profit of $367,000 after stealing a total of 1,055 NFTs. Slowmist indicated that during its investigation it identified a collaboration between Eastern European hacking groups and North Korean bad actors.
Slowmist says the fake sites steal users’ sensitive data, and with the ingenious use of malware through “malicious coins,” North Korean hackers are able to steal NFTs. The cybersecurity firm said it could not assess the true extent of the scheme and suggested the ploy runs deeper.
“For confidentiality and privacy reasons, this paper analyzed only a small portion of the NFT phishing material and extracted some phishing characteristics of the North Korean hackers,” says Slowmist. “But this is only the tip of the iceberg.”
To prevent falling victim to phishing attacks, Slowmist advises NFT holders to “strengthen their understanding of security literacy,” which in turn will help them spot potential red flags on a website.
Busy year for North Korea’s bad actors
North Korean hackers have had a busy 2022, characterized by profitable virtual currency crime. A recent report by South Korea’s National Intelligence Service (NIS) notes that North Korea’s hacking groups have stolen over $600 million in digital assets since the beginning of the year.
The Lazarus Group, one of the most prolific hacker groups operating outside the country, was identified as the main culprit in attracting digital asset funds using a new version of the AppleJeus malware.
“We are seeing more complex attacks where the threat actor demonstrates great knowledge and preparation, and takes steps to gain their target’s trust before deploying the payload,” Microsoft said.
Japanese law enforcement agencies issued a public warning to citizens about the activities of North Korean hackers after they traced a series of attacks to the Lazarus Group.