Researchers have uncovered a new cyber attack campaign, dubbed “Hidden Risk,” showing that North Korean hackers have shifted their focus to the cryptocurrency industry. Linked to the infamous Lazarus Group, these attackers have moved away from profiling targets on social media and are now using advanced phishing tactics.
SentinelLabs, a cybersecurity firm, revealed that these hackers are now disguising malware as regular financial reports. Their goal is to target individuals within the crypto industry who may be vulnerable, using weaknesses in decentralized financial platforms and the wider blockchain ecosystem.
The group behind this campaign, particularly BlueNoroff, has been connected to efforts that fund North Korea’s nuclear and weapons programs. By exploiting vulnerabilities in decentralized finance platforms, they have stolen millions of dollars, raising serious concerns about the security of the cryptocurrency industry.
In response to this growing threat, the FBI has issued a warning to financial industry players, urging them to stay alert to phishing and other social engineering tactics from North Korean cyber actors. Special attention is being given to decentralized finance and ETF companies, which are prime targets.
In a rather shocking touch, the “Hidden Risk” campaign takes things further by impersonating email notifications about BTC-related articles or updates on the latest trends in the DeFi market. These emails, which appear to come from legitimate sources, encourage victims to click on links offering PDFs. However, these links secretly install malware onto the victim’s macOS device.
SentinelLabs notes that the malware used in this attack is specifically designed to bypass macOS’s security protocols. By using valid Apple Developer IDs, the malware can evade the Gatekeeper system, which is designed to block unauthorized software. Once installed, the malware continues running in the background, even after reboots, and connects to servers controlled by North Korea.
The sophistication of this malware highlights a worrying trend in North Korean cyber threats. SentinelLabs recommends that macOS users in the crypto sector strengthen their security and remain cautious with any unsolicited emails.
The “Hidden Risk” campaign serves as a clear reminder that the crypto industry faces an ever-growing cyber threat. With North Korea continuing to refine its cyber capabilities, organizations must remain vigilant and enhance their defenses against phishing attacks and social engineering. The need for strong cybersecurity is more important than ever to protect the crypto space from these increasingly advanced threats.
The game of cat and mouse between hackers and defenders continues, and the stakes are higher than ever.
What if the next big crypto boom isn't driven by Bitcoin or Ethereum, but by…
Convergence of artificial intelligence (AI) and blockchain technology continues to reshape the crypto space, one…
FUNToken launches a smart rewards bot — the first step toward building an AI agent…
The crypto market of 2025 is now a full-blown financial arena where professionals, institutional traders,…
Analysts are spotlighting Mutuum Finance (MUTM) as the best crypto to buy now, outshining Dogecoin…
Investors seeking more than speculative momentum are increasingly shifting their attention from Dogecoin (DOGE) toward…
