Google Cloud’s threat intelligence team has reported that government-backed cyber attackers from North Korea are actively targeting cryptocurrency exchanges and fintech companies in Brazil. The report, released by Google on June 13, highlights coordinated efforts by these hackers to hijack, extort, and defraud individuals and organizations in Brazil.
While North Korean groups are primarily focused on targeting cryptocurrency firms, aerospace and defense, and government entities, cyber criminals supported by the Chinese government are homing in on government organizations and the energy sector in Brazil.
The cybercriminal group Pukchong, also known as UNC4899, has been identified as the mastermind behind these attacks on Brazilian citizens and organizations, using deceptive tactics in the job market to distribute malware. Other malicious groups such as GoPix and URSA have also been actively targeting Brazilian crypto companies with similar malware attacks.
In a separate incident, Trust Wallet, a crypto wallet provider, warned Apple users to disable iMessage due to a zero-day exploit that could allow hackers to take control of users’ phones. A zero-day exploit is a type of cyberattack that leverages unknown security flaws in computer software, hardware, or firmware.
Kaspersky, a cybersecurity firm, recently discovered that the North Korean hacking group Kimsuky had developed a new malware variant called “Durian” to target South Korean crypto firms. This malware boasts backdoor functionalities, enabling hackers to execute commands, download files, and steal data.
Furthermore, Kaspersky identified that LazyLoad was used by Andariel, a sub-group within the Lazarus Group, another North Korean hacking consortium. This suggests a potential connection between Kimsuky and the more infamous Lazarus Group.