Cyber security specialists from Moscow-based Kaspersky Labs said the notorious Lazarus Group, a hacking collective with links to North Korea, has come up with "enhanced capabilities" in order to target individuals and organisations around the world.
The cyber-theft campaign, referred to as Operation AppleJeus, has been ongoing since at least 2018 and has so far claimed victims in the UK, China, Poland and Russia.
The hackers lure in victims by setting up fake cryptocurrency websites, as well as fake trading groups on the Telegram app. Telegram did not respond to a request for comment.
Malicious links on the sites and groups then infect the target’s device and give attackers access to user data.
"Since the initial appearance of Operation AppleJeus, we can see that over time the authors have changed their modus operandi considerably," Kaspersky Researchers wrote in a report detailing the attacks. "We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated."
Cryptocurrency has been a consistent target of North Korean hackers in recent years, with experts saying it offers a "financial lifeline" to evade crippling economic sanctions and finance the development of nuclear weapons.
"Cryptocurrency exploitation is allowing North Korea to transact with the rest of the world in ways that aim to circumvent sanctions designed to curb its proliferation financing," Kayla Izeman, a research analyst who co-authored a paper on the phenomenon, told The Independent last year.
A UN report from 2019 estimated that North Korea has earned up to $2 billion in cryptocurrency by hacking online exchanges and organisations.
This far exceeded original estimates by the UN Security Council, which claimed the country had amassed around $670m worth of bitcoin and other cryptocurrencies.
North Korea has previously denied accusations that it engages in cyber crime, while simultaneously courting cryptocurrency and cyber security experts at conferences held in Pyongyang.
More about: cryptocurrency