Phishing by Appointment: Suspected North Korean Hackers Target Blockchain Community Via Telegram
February 28, 2024 - Michael Rippey
Hunt is tracking an ongoing, sophisticated phishing campaign targeting individuals in Telegram groups focused on the blockchain and angel investing communities, specifically entrepreneurs. The tactics described below are strikingly similar to those previously attributed to the Lazarus Group, a North Korean state-sponsored threat actor. Communication begins with the actor posing as a representative of an investment company seeking business opportunities. As the conversation progresses, the victim is asked to download an AppleScript after ‘technical difficulties’ are encountered in setting up a meeting.
In this blog post, we’ll break down the specifics of this campaign, analyze its infrastructure (that’s what everyone’s here for, right?), and uncover potential links to other, as-yet-unreported malicious activity. By understanding the attacker’s methods, we can collectively defend against and avoid these schemes.
Note: On 22 January 2024, Signum Capital, the …
IoC