Google Cloud’s threat intelligence department has discovered that cyberattacks backed by the North Korean government are actively targeting Brazilian cryptocurrency exchanges and fintech companies. A June 13 Google threat intelligence report highlighted coordinated attempts to hijack, extort and defraud Brazilian individuals and organizations.
Who is behind the cyberattacks in Brazil
The infamous North Korean cybercrime group Pukchong (also known as UNC4899) targeted Brazilian citizens and organizations through the labor market. They tricked unsuspecting job seekers into downloading malware onto their systems. The report said, “The project was a Python-based Trojan application for obtaining cryptocurrency prices, which was modified to access an attacker-controlled domain to obtain a second-stage payload if certain conditions were met.”
Similar malicious attacks were also discovered by GoPix and URSA, actively targeting Brazilian crypto firms.

Government-backed phishing attacks targeting Brazil. Source: Google Cloud
Other attacks in the crypto market
Recently, cryptocurrency wallet provider Trust Wallet asked Apple users to disable iMessage, citing “credible information” about a zero-day exploit that could allow hackers to gain control of users’ phones.
A zero-day exploit is an attack that takes advantage of an unknown or unpatched security hole in computer software, hardware or firmware.
Cybersecurity company Kaspersky recently reported that North Korean hacking group Kimsuky used a “startling” new malware variant dubbed “Durian” to launch attacks against South Korean crypto firms.
“Durian boasts extensive backdoor features, allowing it to execute delivered commands, download additional files and exfiltrate them,” Kaspersky wrote.
