North Korean hackers said to target crypto startups in months-long cybercrime campaign

A Thursday report from the Russian cybersecurity firm Kaspersky Labs identified North Korean hackers as being behind sophisticated phishing and social engineering attacks targeting cryptocurrency startups.

Kaspersky internally identified the North Korean hackers as BlueNoroff, who have stolen over $1.1 billion from financial institutions worldwide, according to the US Treasury Department. BlueNoroff is believed to be a part of Lazarus, a larger group of cybercriminals seeking to finance the North Korean government, which is hindered by international sanctions.

One scheme Kaspersky observed was BlueNoroff targeting successful crypto startups for social engineering and phishing attacks — identifying key people and conversations within the company to facilitate the attack. 

Another scheme involved BlueNoroff impersonating a person in the top management of Digital Currency Group (DCG), the crypto-focused firm that owns Grayscale Investments and media publication CoinDesk. BlueNoroff sent an email impersonating the DCG personnel to someone in the crypto startup in hopes that the target would click on an infected link, Kaspersky wrote in the report.

In addition to DCG, the hackers abused the names of 14 other companies in targeted phishing attacks. 

North Korean hackers stole nearly $400 million worth of digital assets in 2021 alone, an increase of 40% compared to the year prior, according to a report from the blockchain analytics firm Chainalysis.