- North Korean hackers want to steal crypto from crypto entities in Brazil, according to a report by Google Cloud
- The malicious actors are employing multiple tactics like hijacking and phishing scams
- The hackers are also targeting other digital infrastructure in the country
North Korean hackers are now targeting crypto and web3-centric institutions and individuals in Brazil. According to a report by Google Cloud, the malicious actors are turning to phishing scams, malware and hijacking attempts to siphon funds from their targeted victims. Close to 32% of all phishing attacks on Brazilian digital infrastructure, including crypto entities, are orchestrated by North Korean actors, while actors of Chinese origin account for 42% of all attacks, an indication that the attackers see some critical vulnerabilities in the Brazilian crypto space.
A Globally Influential Power
According to Google Cloud, hackers and other malicious actors are turning to Brazil due to the country’s position as a “globally influential power” especially in South America. Most hackers operating in Brazil are government-backed.
Brazil’s digital infrastructure faces threats beyond traditional ransomware.
Our new blog post combines Google TAG and Mandiant expertise to analyze Brazil’s unique threat landscape.
Read now: https://t.co/V2Nb3M80sJ #Cybersecurity #CyberEspionage #Ransomware #Brazil pic.twitter.com/zSbroB8VvN
— Mandiant (part of Google Cloud) (@Mandiant) June 12, 2024
Government-backed North Korean hackers have targeted several sectors including Brazil’s financial services sector and government institutions, but the country’s cryptocurrency space has been among their key priorities.
Google Cloud recorded three North Korean groups focusing on compromising crypto entities and stealing virtual assets from individuals. Among those groups is PUKCHON, which employs a malware-filled Python app.
A Malware-infested Job Offer
They start by sending victims a PDF file containing a job description for a position at a reputable web3/crypto firm. When a job seeker replies to the unsolicited job ad, they’re directed to perform a coding test by first downloading a malware-infested program from GitHub.
Google Cloud’s report comes a week after the FBI warned of crypto scammers offering fake work-from-home jobs to steal crypto from unsuspecting victims. It also comes two weeks after bug bounty platform ImmuneFi noted that hackers are focusing more on decentralized entities compared to their centralized counterparts. It also
With North Korean hackers’ intentions disclosed, it remains to be seen whether the disclosure will help lower the number of victims.