Nearly 500 phishing domains are being used by hackers connected to North Korea's Lazarus Group in a massive phishing campaign that targets investors in nonfungible tokens (NFT).
On December 24, the blockchain security company SlowMist published a report outlining the methods used by North Korean APT groups to separate NFT investors from their NFTs, including bogus websites impersonating various NFT-related platforms and projects.
These fraudulent websites include one that presents itself as a World Cup project and others that mimic popular NFT marketplaces like OpenSea, X2Y2, and Rarible.
One of the strategies, according to SlowMist, is to have these fake websites offer "malicious Mints," which trick the victims into believing they are minting real NFTs by connecting their wallets to the website.
The NFT is actually a scam, and as a result, the victim's wallet is open to attack by the hacker who now has access to it.
The report also showed that a large number of phishing websites shared the same Internet Protocol (IP) address, with 372 NFT phishing websites sharing a single IP address and another 320 NFT phishing websites sharing a different one.
The phishing campaign, according to SlowMist, has been going on for a while; the earliest domain name was registered about seven months ago.
Other phishing techniques included gathering visitor information and saving it to external websites, as well as linking images to target projects.
After obtaining the visitor's data, the hacker would run different attack scripts against the victim, gaining access to the victim's access records, authorizations, and use of plug-in wallets, as well as sensitive data like the victim's approve record and sigData.
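The shared-IP finding above is something defenders can pivot on. The following Python sketch is an added example, not code from SlowMist's report: it groups passive-DNS rows by IP address and flags addresses that host several domains when at least one imitates a marketplace named in the article. The sample rows, the `.example` domains, the documentation-range IPs and the three-domain threshold are all constructed assumptions.

```python
from collections import defaultdict

# Marketplaces the article names as impersonated, mapped to their legitimate domains.
BRANDS = {"opensea": "opensea.io", "x2y2": "x2y2.io", "rarible": "rarible.com"}

# Constructed passive-DNS rows (domain, resolved IP); IPs are documentation ranges.
PDNS = [
    ("opensea-mint.example", "192.0.2.10"),
    ("x2y2-claim.example", "192.0.2.10"),
    ("rarible-drop.example", "192.0.2.10"),
    ("worldcup-nft.example", "192.0.2.10"),   # no brand string, caught only by the IP pivot
    ("opensea.io", "198.51.100.5"),           # legitimate, must not be flagged
    ("cooking-blog.example", "198.51.100.7"),
    ("0pensea-free.example", "203.0.113.9"),  # lookalike, but alone on its IP
]

def normalize(name):
    """Undo common digit-for-letter swaps used in lookalike names."""
    return name.lower().translate(str.maketrans("0135", "oles"))

def impersonated_brand(domain):
    """Return the brand a domain imitates, or None; legitimate domains are excluded."""
    d = domain.lower().rstrip(".")
    for legit in BRANDS.values():
        if d == legit or d.endswith("." + legit):
            return None
    for brand in BRANDS:
        if brand in d or brand in normalize(d):
            return brand
    return None

def shared_ip_clusters(records, min_domains=3):
    """Group domains by IP; keep IPs hosting >= min_domains with at least one lookalike."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(domain.lower())
    clusters = {}
    for ip, domains in by_ip.items():
        hits = {d: impersonated_brand(d) for d in domains if impersonated_brand(d)}
        if len(domains) >= min_domains and hits:
            clusters[ip] = {"domains": sorted(domains), "lookalikes": hits}
    return clusters

if __name__ == "__main__":
    for ip, info in shared_ip_clusters(PDNS).items():
        print(ip, info["domains"])
```

Requiring a lookalike hit before reporting a cluster keeps ordinary shared-hosting or CDN addresses, which serve many unrelated sites, from being flagged on domain count alone.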
SlowMist stressed that this is only the "tip of the iceberg," as the analysis only considered a small portion of the materials and only "some" of the North Korean hackers' phishing traits.
For instance, SlowMist noted that one phishing address alone netted 300 Ether and 1,055 NFTs, totaling $367,000, through its phishing techniques.
It also stated that the Naver phishing campaign, which was previously reported by Prevailion on March 15, was carried out by the same North Korean APT group.
In 2022, North Korea was the target of numerous thefts of cryptocurrencies.
The National Intelligence Service (NIS) of South Korea reported on December 22 that North Korea had stolen cryptocurrencies worth $620 million just this year.
The National Police Agency of Japan issued a warning to the nation's crypto-asset businesses in October, cautioning them to be wary of the North Korean hacking group.
