North Korean Hackers Target Crypto Users with Phony Job Offers

The hacking group unleashed a massive wave of phishing assaults against the banking and healthcare sectors in the United States and Canada.

 

In an effort to commit cryptocurrency heists, North Korean hackers are exhibiting a "startup mentality," according to a report released on Wednesday by cybersecurity company Proofpoint. 

The Sunnyvale, California-based company claimed that in December, a group it calls TA444, which is similar to the notorious hacking gang Lazarus, unleashed a massive wave of phishing assaults against the banking, education, government, and healthcare sectors in the United States and Canada. 

The group's emails used tactics distinct from the methods researchers had previously associated with it, including attempts to obtain users' passwords and login information. 

According to the study, "this extensive credential harvesting operation is a variation from standard TA444 activities, which normally include the direct deployment of malware." 

The hackers crafted lures such as job offers and salary adjustments to entice targets and used email marketing tools to get past phishing detection systems. In addition, they used LinkedIn, a social networking site, to communicate with victims before sending them links to malware, the report adds. 

According to Proofpoint, the spam wave in December nearly doubled the number of emails the group sent over the whole year.

TA444 has a "startup attitude," according to Greg Lesnewich, senior threat researcher at Proofpoint, and is "trying a variety of infection chains to help grow its revenue streams." 

He claimed that the threat actor "embraces social media as part of their M.O. and quickly ideates new attack tactics." By bringing in movable money, TA444 "leads North Korea's cashflow generation for the leadership." 

North Korea, which is still subject to strict international sanctions, has grown more dependent on cybercrime to fund its illegal weapons programme. 

The astonishing heist of more than $600 million in bitcoin from an online video game network in March was perpetrated by a group with ties to Pyongyang, according to the FBI. 

On Monday, the FBI also declared that the Lazarus Group was responsible for a $100 million theft in June from Horizon Bridge, a cryptocurrency transfer service run by the American Harmony blockchain. According to South Korea's National Intelligence Service, which made the revelation last month, North Korea has stolen bitcoin assets worth $1.2 billion worldwide since 2017, with the majority of that value coming in 2022. 

The spy service forewarned that Pyongyang was likely to speed up its efforts this year to obtain vital defence and intelligence technology from the South.