Google-owned Mandiant Cybersecurity Consulting firm has recently released a report exposing the tactics used by North Korea-based threat actors to target entities in the cryptocurrency and decentralised finance industry. The report, titled “Modus Operandi of UNC1069: Targeting the Crypto World through Social Engineering and Deep Fake Videos,” sheds light on the alarming rise of ClickFix scams and the use of social engineering tactics by these hackers.
According to the report, the UNC1069 threat actors specifically target individuals and organizations in the cryptocurrency and decentralised finance industry. These industries have seen a significant growth in recent years, making them lucrative targets for cybercriminals. The hackers use a combination of social engineering and deep fake videos to gain the trust of their victims and infect their systems with malware families.
The first step in their modus operandi is to contact their victims through the popular messaging app Telegram. The hackers send a link to the victim, inviting them to join a fake Zoom meeting. Once the victim joins the meeting, the hackers use AI-generated deep fake videos of well-known personalities to gain their trust. These videos are so convincing that the victim is led to believe that they are speaking to a legitimate person.
Once the hackers have gained the trust of their victim, they proceed to infect their system with malware. This malware is specifically designed to steal sensitive information, such as login credentials, credit card details, and cryptocurrency wallets. The victim is then left vulnerable to financial fraud and identity theft.
The use of deep fake videos in this modus operandi is particularly concerning. Deep fake videos are created using artificial intelligence and machine learning algorithms, making them almost impossible to detect. These videos are often used to manipulate and deceive individuals, and in this case, they are being used to facilitate cybercrime.
The report also highlights the rise of ClickFix scams, which have become a popular method for cybercriminals to steal cryptocurrency. ClickFix scams involve tricking victims into clicking on a malicious link, which then leads them to a fake website where they are asked to enter their login credentials. Once the victim enters their credentials, the hackers gain access to their cryptocurrency wallets and can transfer the funds to their own accounts.
The UNC1069 threat actors have been highly successful in their attacks, with numerous victims falling prey to their tactics. This has resulted in significant financial losses and damage to the reputation of the targeted entities. It is believed that the hackers have already made millions of dollars through their illegal activities.
In light of this report, it is crucial for individuals and organizations in the cryptocurrency and decentralised finance industry to be vigilant and take necessary precautions to protect themselves against such attacks. It is recommended to have robust cybersecurity measures in place, such as using strong passwords, two-factor authentication, and regularly updating software and systems.
Moreover, it is essential to be cautious when receiving any unsolicited links, even if they appear to be from a trusted source. It is always better to verify the authenticity of the link before clicking on it. Additionally, individuals should be aware of the dangers of deep fake videos and be cautious when communicating with unknown individuals online.
The release of this report by Mandiant Cybersecurity Consulting firm serves as a reminder of the ever-evolving tactics used by cybercriminals to target individuals and organizations. It also highlights the importance of investing in cybersecurity and staying informed about the latest threats and vulnerabilities.
In conclusion, the UNC1069 threat actors have been using a sophisticated combination of social engineering and deep fake videos to target entities in the cryptocurrency and decentralised finance industry. Their modus operandi is a cause for concern, and it is crucial for individuals and organizations to take necessary precautions to protect themselves against such attacks. The release of this report by Mandiant Cybersecurity Consulting firm serves as a wake-up call for the industry to strengthen their cybersecurity measures and stay vigilant against cyber threats.
