lazarusholic

Analysis of North Korean Hackers’ Targeted Phishing Scams on Telegram

2023-12-06, Slowmist
https://slowmist.medium.com/analysis-of-north-korean-hackers-targeted-phishing-scams-on-telegram-872db3f7392b
#Cryptocurrency #Telegram

Contents

Background
Since 2022, our team at SlowMist, using the SlowMist BTI intelligence network, discovered that the North Korean hacker group Lazarus initiated a widespread phishing operation on Telegram, specifically targeting the cryptocurrency industry. More recently, these hackers have escalated their tactics by posing as reputable investment institutions to execute phishing scams against various cryptocurrency project teams. Due to the considerable impact of these fraudulent activities, we at SlowMist have undertaken a detailed analysis.
Tactics and Strategies:
1. The North Korean hackers carefully choose well-established investment institutions to impersonate. Following this selection, they proceed to create fake Telegram accounts under these entities’ names.
2. With these fake accounts, they then target prominent DeFi (Decentralized Finance) project teams. Posing as potential investors from well-established investment institutions, they begin to implement their scam strategies.
After establishing communication, the hackers try to convince the team to download a script, falsely …

IoC

104.168.137.21