North Korean Hackers Reportedly Targeting Crypto Companies in Brazil

North Korean Hackers Target Brazilian Crypto Companies: New Report
A recent report from Google Cloud on June 13 has revealed a concerning rise in cyberattacks by North Korean hackers aimed at cryptocurrency exchanges, fintech firms, and individuals in Brazil.
The report has pinpointed the notorious North Korean hacking group Pukchong (also known as UNC4899) as the main culprit behind these attacks.
These cybercriminals have been employing a deceptive strategy to trick unsuspecting victims into downloading malicious software disguised as a cryptocurrency price tracker. Once installed, the malware grants the hackers control over the victim’s system and allows them to retrieve additional harmful payloads.
According to Google’s threat intelligence, North Korean hacker groups have been targeting cryptocurrency firms in Brazil, as well as aerospace, defense, and government entities. In contrast, Chinese government-backed hackers have been focusing on government organizations and the energy sector in the South American nation.
Aside from Pukchong, other North Korean hacking groups like GoPix and URSA have also been actively targeting Brazilian cryptocurrency companies using similar malware tactics.
This alarming discovery comes at a time of heightened concerns regarding the security of cryptocurrency wallets and exchanges, which are constantly under siege by hackers.
For example, Trust Wallet recently issued a warning about a zero-day exploit that targets iOS users, potentially allowing hackers to gain unauthorized access to user data. Trust Wallet advised users to disable iPhone iMessage until Apple can address the vulnerability.
In another incident in May 2024, cybersecurity firm Kaspersky uncovered that the North Korean hacking group Kimsuky had deployed malware targeting South Korean crypto firms. This malware, known as “Durian,” enables the execution of commands, file downloads, and the extraction of sensitive data.
Google’s threat analysis has highlighted Brazil’s vulnerability to cyber threats from both local and foreign actors. As the country’s digital payment market continues to grow, its thriving economy has made it an attractive target for cybercriminals.
Interestingly, ransomware groups that previously focused on North America and Europe are now turning their attention to Brazil. RansomHub, a ransomware-as-a-service gang, has identified Brazil as its second most targeted country on its leak site, emphasizing the increasing threat to the country’s digital landscape.