GitHub believes that hackers from the North Korean group Lazarus are behind phishing schemes
Cybercriminals affiliated with North Korea have begun targeting developers of blockchain applications, representatives of the code-hosting platform GitHub announced in a blog post. According to GitHub staff, developers of cryptocurrency and gambling projects were at risk.
The attackers have increasingly begun to create fake copies of programmers' GitHub accounts or to hack into real ones. They then use these accounts to send victims messages offering to work on a joint project.
Instead of working on a joint project, however, victims unwittingly run malicious code on their devices. Attackers can then connect remotely to carry out further operations. The scale of the attack is unclear, but GitHub says that so far the campaign has not affected a large number of the site's users. GitHub representatives noted the presence of fake accounts of well-known blockchain developers on Slack, LinkedIn and Telegram. GitHub urged users to watch for links to cryptocurrency-related sites in source code.
Earlier, the North Korean group Labyrinth Chollima hacked JumpCloud, an American cloud authentication platform. Analysts at the research firms CrowdStrike and SentinelOne believe that the hack put JumpCloud customers from the cryptocurrency industry at risk. TechCrunch estimates that 180,000 organizations use JumpCloud's services. The extent of the attack remains unclear, but JumpCloud itself confirmed that it had to change customers' API keys because of it.
According to calculations by the on-chain analysis firm Chainalysis, North Korean attackers stole about $1.7 billion in cryptocurrency in 2022. For comparison, North Korea's export revenue in 2020 amounted to only $142 million.