todayonchain.com

North Korean Hackers Deploy Blockchain-Based Tools in Expanding Global Cyber Campaign

BeInCrypto
North Korean threat actors are using advanced, decentralized tools like EtherHiding and evolving malware strains in global campaigns targeting job seekers for cryptocurrency theft.

Summary

North Korea-linked threat actors are expanding their global cyber campaigns using decentralized and evasive tools to steal cryptocurrency and infiltrate networks, according to Cisco Talos and Google Threat Intelligence Group (GTIG).

Cisco Talos observed the group Famous Chollima using evolved versions of the malware strains BeaverTail and OtterCookie, which were deployed through social engineering scams such as fake job recruitment. In one incident involving an organization in Sri Lanka, attackers tricked a job seeker into installing malicious code that included keylogging and screenshotting modules.

GTIG identified a new malware called EtherHiding used by actor UNC5342, which hides malicious JavaScript payloads on public blockchains, effectively creating a decentralized command and control (C2) network that resists law enforcement takedowns. These operations frequently start with fraudulent job postings targeting crypto and cybersecurity professionals, tricking them into downloading files embedded with malware like JadeSnow, BeaverTail, and InvisibleFerret to achieve espionage, financial theft, and network infiltration.

(Source: BeInCrypto)