The infamous North Korean Hacking syndicate Lazarus Group may be targeting Americans who are expecting stimulus payouts—among other beneficiaries of government stimulus from around the world.
According to a report by internet security research firm Cyfirma, Lazarus Group has devised a phishing scheme with some 5 million individuals and businesses in mind, spanning across the US, UK, Singapore, Japan, India and South Korea.
Cyfirma expects the attack to come this weekend over a two-day period and to affect small, medium and large businesses in addition to citizens.
— CYFIRMA (@cyfirma) June 19, 2020
The idea is to get these targets on the hook by impersonating a public servant or authority from their jurisdiction. If the intended victims take the bait, then they may divulge personal information that the hacking group can use to its benefit, Cyfirma explains in the post:
“The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives. These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information.”
Each country on the list (as with many around the world) are engaging in some form of stimulus for either its populace, business sector or both. Each scheme, Cyfirma detailed in the report, involves enticing targets with additional payouts, with the ultimate hope of teasing out more personal information from them—perhaps to sell on the black market.
Cyfirma has identified the following emails as being impersonator accounts involved in the phishing plan: [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; and [email protected]
The Lazarus Group has become crypto’s archetypal “bad guy” hacker group. The blackhat syndicate routinely burgles cryptocurrency exchanges, particularly those in South Korea. Some figures estimate that Lazarus has filched over $550 million in cryptocurrency over the years.