North Korean hackers stealing NFTs using nearly 500 phishing domains


Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors, using around 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24 revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to separate NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious mints,” which involves deceiving victims into thinking they are minting a legitimate NFT by connecting their wallet to the website and signing what looks like a mint transaction.

However, the NFT is actually fraudulent: what the victim signs is not a legitimate mint, and the victim’s wallet is left exposed to the hacker, who now has access to it.
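The security-relevant detail of a malicious mint is that a genuine mint transaction never needs an operator approval: a page that shows a “Mint” button but asks the wallet to sign `setApprovalForAll` or an unlimited `approve` is handing control of the victim’s tokens to the attacker. The script below is an added example, not code from SlowMist or the article, showing the check a wallet or browser plug-in could run on the calldata before the user signs. The 4-byte selectors are the standard ERC-20/ERC-721 function IDs; the contract and operator addresses and the sample calldata are constructed placeholders.

```python
"""Inspect the calldata a 'mint' page hands to the wallet before signing.

Added example, not code from SlowMist or the original article. The 4-byte
selectors are the standard ERC-20/ERC-721 function IDs; the contract and
operator addresses and the sample calldata are constructed placeholders.
"""

# Standard selectors: first 4 bytes of keccak256(function signature).
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
    "a0712d68": "mint(uint256)",                    # common public-mint signature
}

UINT256_MAX = 2**256 - 1


def _words(data: str) -> list[str]:
    """Split the ABI-encoded argument area into 32-byte words (hex, no 0x)."""
    body = data[8:]
    if len(body) % 64:
        raise ValueError("calldata not 32-byte aligned")
    return [body[i:i + 64] for i in range(0, len(body), 64)]


def _addr(word: str) -> str:
    """An address is the low 20 bytes of its 32-byte word."""
    return "0x" + word[-40:]


def decode(calldata: str) -> dict:
    """Decode calldata into {function, args}; unknown selectors are passed through."""
    data = calldata.lower().removeprefix("0x")
    selector = data[:8]
    name = SELECTORS.get(selector)
    w = _words(data)
    if name == "setApprovalForAll(address,bool)":
        args = {"operator": _addr(w[0]), "approved": int(w[1], 16) != 0}
    elif name == "approve(address,uint256)":
        args = {"spender": _addr(w[0]), "amount": int(w[1], 16)}
    elif name == "mint(uint256)":
        args = {"quantity": int(w[0], 16)}
    else:
        name, args = f"unknown(0x{selector})", {"words": w}
    return {"function": name, "args": args}


def classify(calldata: str, trusted_operators: set[str]) -> dict:
    """Return the decoded call plus a verdict a wallet could display.

    A genuine mint never needs setApprovalForAll or an unlimited approve; a page
    that requests one while showing a 'mint' button is the malicious-mint pattern.
    """
    call = decode(calldata)
    fn, args = call["function"], call["args"]
    verdict = "ok"
    if fn.startswith("setApprovalForAll") and args["approved"]:
        verdict = ("approval_to_known_marketplace"
                   if args["operator"].lower() in trusted_operators
                   else "approval_to_untrusted_operator")
    elif fn.startswith("approve"):
        if args["spender"].lower() not in trusted_operators:
            verdict = "approval_to_untrusted_operator"
        elif args["amount"] == UINT256_MAX:
            verdict = "unlimited_allowance"
    elif fn.startswith("unknown"):
        verdict = "unknown_function"
    return {**call, "verdict": verdict}


def word(value: int) -> str:
    """ABI-encode an integer or address as one 32-byte word."""
    return f"{value:064x}"


# Constructed sample calldata; the addresses are placeholders, not real contracts.
MARKETPLACE = "0x" + "11" * 20   # hypothetical allow-listed marketplace operator
ATTACKER = "0x" + "ee" * 20      # hypothetical attacker-controlled operator
TRUSTED = {MARKETPLACE}

SAMPLES = {
    # What a real mint looks like: mint(quantity=1), no approval involved.
    "genuine_mint": "0xa0712d68" + word(1),
    # 'Mint' button that really signs setApprovalForAll(attacker, true).
    "malicious_mint": "0xa22cb465" + word(int(ATTACKER, 16)) + word(1),
    # 'Mint' button that really grants an unlimited ERC-20 allowance to the attacker.
    "drain_allowance": "0x095ea7b3" + word(int(ATTACKER, 16)) + word(UINT256_MAX),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, classify(data, TRUSTED))
```

The allow-list is the important design choice: `setApprovalForAll` to a real marketplace is normal when listing an NFT, so the check is not “approvals are bad” but “this page called itself a mint and asked for an approval to an operator I do not recognise.” Surfacing the decoded function name and operator in the wallet prompt is what turns a blind “Confirm” into a decision the victim can actually make.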

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP) address, with 372 NFT phishing websites under a single IP and another 320 NFT phishing websites associated with a different IP.

An example phishing website. Source: SlowMist

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name dates back about seven months.
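Hundreds of decoy domains sharing one IP is the kind of infrastructure reuse a threat hunter pivots on: resolve every brand-lookalike domain you see, group by hosting IP, and the cluster plus its earliest registration date gives both the campaign’s size and its age. The script below is an added example, not code or data from the SlowMist report; the records are constructed (`.example` domains, RFC 5737 documentation IPs, made-up first-seen dates) standing in for passive-DNS or resolver-log output.

```python
"""Pivot on shared hosting to surface a phishing cluster.

Added example, not from the SlowMist report. The records are constructed
(.example domains, RFC 5737 documentation IPs, made-up first-seen dates);
in practice they come from passive DNS or your own resolver logs.
"""
from collections import defaultdict
from datetime import date

# Brand terms the report says the decoy sites impersonate.
BRANDS = ("opensea", "x2y2", "rarible", "worldcup")

# Constructed sample data: (domain, resolved IP, date first seen).
RECORDS = [
    ("opensea-freemint.example", "192.0.2.10", date(2022, 5, 20)),
    ("x2y2-airdrop.example", "192.0.2.10", date(2022, 6, 2)),
    ("rarible-mint.example", "192.0.2.10", date(2022, 9, 14)),
    ("worldcup-nft.example", "192.0.2.10", date(2022, 11, 18)),
    ("rarible-claim.example", "198.51.100.7", date(2022, 8, 1)),
    ("opensea-drop.example", "198.51.100.7", date(2022, 10, 30)),
    ("bakery.example", "203.0.113.5", date(2021, 1, 3)),  # unrelated host
]

# Hypothetical analysis date, chosen to match the report's publication date.
REPORT_DATE = date(2022, 12, 24)


def brand_hits(domain: str) -> list[str]:
    """Return the impersonated brand terms found in a domain name."""
    return [b for b in BRANDS if b in domain.lower()]


def cluster_by_ip(records, min_size: int = 2) -> dict:
    """Group brand-lookalike domains by hosting IP.

    Only clusters of at least min_size impersonating hosts are returned, each
    with its domains ordered by first-seen date and the cluster's date range.
    """
    by_ip = defaultdict(list)
    for domain, ip, first_seen in records:
        if brand_hits(domain):
            by_ip[ip].append((domain, first_seen))
    clusters = {}
    for ip, hosts in by_ip.items():
        if len(hosts) >= min_size:
            hosts.sort(key=lambda h: h[1])
            clusters[ip] = {
                "domains": [d for d, _ in hosts],
                "first_seen": hosts[0][1],
                "last_seen": hosts[-1][1],
            }
    return clusters


def campaign_age_days(clusters: dict, today: date) -> int:
    """Days between the earliest first-seen date across all clusters and today."""
    earliest = min(c["first_seen"] for c in clusters.values())
    return (today - earliest).days


if __name__ == "__main__":
    found = cluster_by_ip(RECORDS)
    for ip, info in found.items():
        print(ip, len(info["domains"]), "domains,", info["first_seen"], "to", info["last_seen"])
    print("campaign age (days):", campaign_age_days(found, REPORT_DATE))
```

The brand filter is what keeps a shared hosting provider from looking like a campaign: an IP with hundreds of unrelated tenants is noise, while an IP where most hostnames name OpenSea, X2Y2 or Rarible is signal. Once a cluster is confirmed, the IP itself becomes the blocklist entry, which catches domains registered after the analysis was done.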

Other phishing tactics used included recording visitor data and saving it to external sites, as well as linking images to target projects.

Once the hacker had obtained the visitor’s data, they would then run various attack scripts against the victim, giving the hacker access to the victim’s access records, authorizations and use of plug-in wallets, as well as sensitive data such as the victim’s approve record and sigData (the approvals the victim has granted and the signatures they have produced).

All of this information then gives the hacker access to the victim’s wallet, exposing all of their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg,” as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

SlowMist Security Alert

North Korean APT group targeting NFT users with large-scale phishing campaign

This is just the tip of the iceberg. Our thread only covers a fraction of what we've discovered.

Let's dive in pic.twitter.com/DeHq1TTrrN

— SlowMist (@SlowMist_Team) December 24, 2022

For example, SlowMist highlighted that just one phishing address alone was able to obtain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.


North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to an intelligence report published by South Korea’s National Intelligence Service (NIS) on Dec. 22, North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.
