DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Briefly

Multiple threat activity clusters linked to North Korea have been identified targeting the Web3 and cryptocurrency domains. According to Mandiant's report, these cyberattacks are financially motivated, particularly due to heavy international sanctions on North Korea. Threat actors utilize custom tools and various programming languages to exploit Windows, Linux, and macOS systems. Notable clusters include UNC1069, which uses social engineering tactics, UNC4899, which employs job-related malware for financial gain, and UNC5342, known for tricking developers into executing malicious code through project lures.
The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea.
These activities aim to generate financial gains, reportedly funding North Korea's weapons of mass destruction (WMD) program and other strategic assets.
UNC1069 targets diverse industries for financial gain through social engineering ploys, sending fake meeting invites and posing as investors on Telegram.
UNC4899 is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment.
Read at The Hacker News