According to a recent report, North Korean hackers associated with the cybercrime organization “Lazarus Group” are behind a massive phishing campaign that targets investors in non-fungible tokens (NFTs) and uses 500 phishing domains to trick victims.
Cointelegraph cited the report as saying that the tactics used by the North Korean Advanced Persistent Threat (APT) groups to divert NFT investors from their NFTs include using fake websites that imitate various NFT-related platforms and projects.
One of the tactics used was the use of “malicious Mints,” which deceived the victims into believing they were minting a real NFT by connecting their wallet to the website.
The report also revealed that many phishing websites used the same Internet Protocol (IP), with 320 NFT phishing websites using a different IP and 372 NFT phishing websites sharing a single IP.
Happy Birthday Ratan Tata: Today Is Ratan Tata’s 85th Birthday; Here Is A Look At His Wealth, Charitable Contributions, And More
Other phishing methods employed included recording and saving visitor data to external websites, as well as adding images to the projects that were being targeted.
According to the report, one phishing address alone obtained 1,055 NFTs and profited 300 Ethereum (ETH), totaling $367,000.
Lazarus Group (also known as the Guardians of Peace or Whois Team) is a cybercrime organization run by the North Korean government that consists of an unknown number of individuals. While little is known about the Lazarus Group, researchers have linked them to several cyberattacks between 2010 and 2021. Originally a criminal organization, the group has been designated as an advanced persistent threat due to its intended nature, threat, and diverse methods of operation. Cybersecurity organizations have given names such as HIDDEN COBRA (used by the US Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general) and Zinc (by Microsoft).