Brazilian fintechs exposed to North Korean cyberattacks

June 13, 2024

Summary of North Korean Cyberattacks on Brazilian Fintech Firms

TLDR:

  • North Korean cybercriminals are targeting Brazilian cryptocurrency and fintech sectors.
  • Google Cloud’s report reveals coordinated attempts to hijack, extort, and defraud Brazilian individuals and organizations.

Google Cloud’s threat intelligence department has uncovered North Korean government-backed cyber attackers targeting Brazil’s cryptocurrency exchanges and fintech companies. The report highlighted coordinated attempts to hijack, extort, and defraud Brazilian individuals and organizations through malware and phishing schemes. The notorious North Korean cybercriminal group Pukchong targeted Brazilian citizens and organizations by tricking job seekers into downloading malware. Other malware attacks from groups like GoPix and URSA were also found targeting Brazilian crypto firms. Additionally, Chinese government-backed cyber criminals focus on government organizations and the energy sector in Brazil.

Cyberattacks Beyond Borders

Crypto wallet provider Trust Wallet warned Apple users about a zero-day exploit that could allow hackers to take control of users’ phones. North Korean hacking group Kimsuky utilized a new malware variant named “Durian” to target South Korean crypto firms. This malware enables the execution of commands, file downloads, and exfiltration of files. LazyLoad was also used by Andariel, a sub-group of the Lazarus Group, suggesting a connection between Kimsuky and the more notorious hacking group.

Full Article:

North Korean cybercriminals are actively targeting Brazil’s cryptocurrency and fintech sectors, according to a report from Google Cloud’s threat intelligence department. The report revealed coordinated attempts by North Korean government-backed cyber attackers to hijack, extort, and defraud Brazilian individuals and organizations. The cybercriminal group Pukchong, also known as UNC4899, targeted Brazilian citizens and organizations through a malware-infected Python app disguised as a cryptocurrency price tracker.

In addition to the attacks on cryptocurrency firms, aerospace and defense, and government entities, Chinese government-backed cyber criminals focus on government organizations and the energy sector in Brazil. The report highlighted how these cyber threats extend beyond borders, with North Korean hacking group Kimsuky using a new malware variant called “Durian” to target South Korean crypto companies.

Trust Wallet advised Apple users to disable iMessage due to a zero-day exploit that hackers could use to take control of users’ phones. This underscores the importance of cybersecurity awareness and protection measures in the crypto and fintech sectors. Businesses and individuals must remain vigilant against evolving cyber threats to safeguard their digital assets and sensitive information.

