Network Security, Threat Intelligence, Phishing

New North Korean social-engineering campaign targets crypto sector

Share
Crypto Trading theme with blurred city abstract lights background

Cryptocurrency industry workers have been targeted by North Korean threat actors leveraging job lures on LinkedIn to enable RustDoor malware compromise, according to The Hacker News.

North Korean hackers' social-engineering attacks involved the spoofing of a recruiter for decentralized cryptocurrency exchange STON.fi on LinkedIn to lure targets into downloading a malicious Visual Studio project claimed to be part of a coding challenge but downloads RustDoor via the "VisualStudioHelper" and "zsh_env" second-stage payloads, which function as backdoors but communicate with separate command-and-control servers, a Jamf Threat Labs report showed.

Such findings should prompt increased employee training and vigilance on cybersecurity threats across the cryptocurrency sector amid increasingly sophisticated techniques leveraged by threat actors.

"These social-engineering schemes performed by the DPRK come from those who are well-versed in English and enter the conversation having well researched their target," said Jamf Threat Labs researchers.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.