North Korean state-sponsored hackers expanded their arsenal, launching a new campaign dubbed ‘Hidden Risk’ that seeks to infiltrate crypto firms through malware disguised as legitimate documents.
In a Thursday report, hack research firm SentinelLabs connected the latest campaign to the notorious BlueNoroff threat actor, a subgroup of the infamous Lazarus Group, known for siphoning off millions to fund North Korea's nuclear and weapons programs.
The series of attacks is a calculated effort to extract funds from the fast-growing $2.6 trillion crypto industry, taking advantage of its decentralized and often under-regulated environment.
The FBI recently issued warnings about North Korean cyber actors increasingly targeting employees of DeFi and ETF firms through tailored social engineering campaigns.

North Korea's ‘Malicious Cyber Activities’ Deeply Concerning, Say US, Japan, South Korea: Report
Special envoys for the Democratic People's Republic of Korea (DPRK) from the United States, Japan, and South Korea have expressed grave concerns about the country's growing nuclear program. The envoys noted that North Korea's overseas workers, including IT specialists engaged in "malicious cyber activities," are a major factor in the regime's ability to finance its weapons programs through the theft and laundering of funds, including cryptocurrencies, per an AFP report. Citing estimates from cry...
The hackers’ latest campaign appears to be an extension of those efforts, focusing on breaching crypto exchanges and financial platforms.
Instead of their usual strategy of grooming social media victims, the hackers rely on phishing emails that appear as crypto news alerts, which began cropping up in July, according to the report.
Social media grooming typically refers to an elaborate strategy where cybercriminals build trust with targets over time by engaging with them on platforms like LinkedIn or Twitter.
The emails, disguised as updates on Bitcoin (BTC) prices or the latest trends in decentralized finance (DeFi), lure victims into clicking on links that appear to lead to legitimate PDF documents, per the report.
But rather than opening a harmless file, unsuspecting users inadvertently download a malicious application onto their Macs.

WazirX Loses $230 Million in Suspected DPRK Hack
The attack that caused WazirX, the largest crypto exchange in India, to lose more than $230 million has been attributed to North Korea-based actors by cybersecurity firm Elliptic. Meanwhile, WazirX has published its own analysis of the exploit in a July 18 preliminary incident report and on Friday morning wrote on Twitter that it has filed a police report. WazirX explained in its report that the incident saw one of the firm's multi-signature wallets send funds to a non-whitelisted address. The f...
The report found the new malware more concerning because it cleverly bypasses Apple’s built-in security protections. The hackers get their software signed with legitimate Apple Developer IDs, allowing it to evade macOS’s Gatekeeper system.
Once installed, the malware uses hidden system files to stay undetected, even after the computer is restarted, and it communicates with remote servers controlled by the hackers.
The SentinelLabs report advises macOS users, particularly within organizations, to tighten their security measures and heighten their awareness of possible risks.
Edited by Sebastian Sinclair