Crypto hackers associated with North Korea's Lazarus Group are reportedly behind a large phishing campaign targeting investors in non-fungible tokens (NFTs), using up to five hundred phishing domains to trick victims.
SlowMist, a blockchain security company, recently issued a report disclosing the methods used by North Korean Advanced Persistent Threat (APT) groups to steal NFTs from investors.
North Korean Hackers Target NFTs via Phishing Domains
These include decoy websites that pose as various NFT-related projects and platforms. Examples of the fake portals include a site posing as a project linked to the World Cup and sites that mimic Rarible, X2Y2, OpenSea and other NFT marketplaces.
SlowMist noted that one tactic used by the hackers was offering malicious mints via these decoy websites.
In this way, the attackers deceive targets into believing they are minting legitimate NFTs by connecting their wallets to these decoy sites.
In reality, the NFTs are fraudulent and the victim's wallet is exposed to the attacker, who can then access it at will. The report also disclosed that many of the phishing portals ran under the same Internet Protocol (IP) address.
In addition, 372 NFT phishing portals shared one IP address, while another 320 were linked to a second IP. According to SlowMist, the campaign has been running for many months: the earliest registered domain name dates back nearly 7 months.
Other phishing tactics used by the attackers included recording visitor data and saving it to external sites, and linking images to target projects.
Once the attackers had obtained the visitor's data, they would run various attack scripts against the target. This gave them access to the target's access records, authorizations, plug-in wallet usage, and sensitive data such as the victim's approval records and sigData.
All of this information then lets the attacker access the victim's wallet, exposing the digital assets held there.
SlowMist stresses, however, that this is not the full extent of the activity, since its analysis covered only a small percentage of the material. The company says it has extracted some of the characteristics of the North Korean hackers.
For instance, SlowMist noted that a single phishing address was able to obtain 1,055 NFTs and gains of almost 300 ETH (equaling $367,000) through these phishing schemes. The company added that the same North Korean APT group was also behind the Naver phishing campaign, as previously documented by Prevailion on the 15th of March.
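The "malicious mint" described above works because the transaction the decoy site asks the wallet to sign grants an approval rather than minting anything. The following added example, which is not part of the SlowMist report or this article, shows the defender-side check a wallet or browser extension can run on transaction calldata before the user signs: it decodes the standard ERC-721/ERC-20 approval selectors and flags grants to operators the user has not deliberately trusted. The sample calldata and the operator address are constructed for illustration.

```python
# Added example (not from the SlowMist report): decode the calldata a "mint" page
# hands to the wallet and flag calls that grant a third party control over tokens.
from dataclasses import dataclass

# 4-byte selectors: first 4 bytes of keccak-256 of the function signature.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/ERC-1155
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-721/ERC-20

@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    reason: str

def _word(data: bytes, index: int) -> bytes:
    """Return the 32-byte ABI word at `index`, counted after the 4-byte selector."""
    start = 4 + 32 * index
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError("truncated calldata")
    return chunk

def inspect_calldata(calldata_hex: str, trusted_operators: set[str]) -> Finding:
    """Classify a transaction's calldata. `trusted_operators` holds the lowercase
    addresses of marketplace contracts the user has knowingly approved before."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        return Finding("info", "no function call: plain value transfer or empty data")
    selector = data[:4].hex()
    if selector == SET_APPROVAL_FOR_ALL:
        operator = "0x" + _word(data, 0)[12:].hex()  # address is right-aligned in the word
        approved = int.from_bytes(_word(data, 1), "big") != 0
        if approved and operator not in trusted_operators:
            return Finding("high", f"setApprovalForAll gives {operator} control of "
                                   "every token in this collection")
        return Finding("low", f"setApprovalForAll({operator}, {approved}): known operator or revocation")
    if selector == APPROVE:
        spender = "0x" + _word(data, 0)[12:].hex()
        token_id = int.from_bytes(_word(data, 1), "big")
        if spender not in trusted_operators:
            return Finding("medium", f"approve lets {spender} move token {token_id}")
        return Finding("low", f"approve to known operator {spender}")
    return Finding("info", f"selector 0x{selector} grants no approval")

if __name__ == "__main__":
    # Constructed sample: setApprovalForAll(0x1111...1111, true) from a fake mint page.
    sample = "0x" + SET_APPROVAL_FOR_ALL + "00" * 12 + "11" * 20 + "00" * 31 + "01"
    print(inspect_calldata(sample, trusted_operators=set()))
```

A real "mint" transaction carries neither selector, so anything that resolves to an approval from a page claiming to mint is worth blocking or at least surfacing to the user in plain words.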
Japanese Authorities Warn Crypto Businesses against North Korean Hackers
North Korea has played a central role in numerous crypto-focused thefts throughout the year. On the 22nd of December, South Korea's National Intelligence Service (NIS) published a report claiming that North Korea drained more than $620M in crypto in 2022 alone.
In October this year, Japan's National Police Agency warned the country's crypto-asset businesses about the North Korean hacking group.