North Korean hacking group TA444 is primarily targeting crypto, but security researchers say that it is launching phishing attacks aimed at other targets.
According to analysis by CoinGecko, crypto hacks and exploits reached $2.8 billion in 2022, which is the second largest amount stolen since the infamous Silk Road hack of 2012.
Hackers are adapting and upping their game in order to take advantage of a nascent cryptocurrency industry that is still learning as it progresses. Hacking groups out of North Korea are taking a large part of the pie in this respect, and one group in particular, TA444, is adapting and shifting focus.
In an article on the security oriented website Data Breach Today, it was reported that researchers had been tracking the North Korean hacking group TA444, which in one month almost doubled the amount of spam that it sent over the 11 months previously.
TA444 is yet another identified hacking group to join the ranks of others which include: APT38, Bluenoroff, BlackAlicanto, Stardust Chollima and Copernicium group.
Researchers at Proofpoint say that the recent activity from TA444 could possibly be evidence that the group is “targeting away from major cryptocurrency and financial institutions”.
The language used in attacks by TA444 have so far been in English, Spanish, Polish, and Japanese. Phishing emails are said to be “well-crafted” and have “lure content” in the form of high paying job opportunities, and salary adjustments.
The Data Breach Today article specifies the types of payloads that the spam emails deliver:
“The phishing emails deliver payloads available in two file formats - an obfuscated LNK file and a chain beginning with documents using remote templates. TA444 continues to use both methods but also now uses other file types like MSI Installer files, virtual hard drive, ISO to bypass Windows Mark of the Web, and compiled HTML.”
With TA444 managing to hack more than $1 billion in 2022, an improvement on the 2021 total of around $400 million, this fast-learning and adaptive group is likely to have a good amount of security resources devoted to countering its operations.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.