Crypto Crime Alert! North Korea-Linked Group Laundered $7 Billion! 😱

Oct 09 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that won’t let you down in the never ending fight against cybercrime like Israel’s Iron Dome in the never ending fight for/against… Umm we’ll get back to you on that 😳 In all seriousness, #PrayforIsrael 🙏🙏🙏

Today’s hottest cybersecurity news stories:

  • ⚰️ Lazarus Group rises. N. Korea’s finest launders $900m in crypto 💰

  • ⚡ Semiconductor firms hit with Cobalt Strike by Chinese hackers 👨‍💻

  • ☠️ Cybercrime gangs are dropping ransomware within 24 hours of hack ⏰

Lazarus returns. Why not? They’re Korea criminals! 🙈👀💀

📢 Crypto Crime Alert! North Korea-Linked Group Laundered $7 Billion! 😱

In a shocking revelation, a staggering $7 billion in cryptocurrency has been laundered through cross-chain crimes, and the infamous North Korea-linked Lazarus Group is responsible for nearly $900 million of those ill-gotten gains from July 2022 to July this year. 😨💰

🔗 What’s Cross-Chain Crime? It’s the sneaky act of converting crypto assets from one blockchain to another, making it super tricky to trace the money’s origins. 😈💸

📊 According to blockchain experts at Elliptic, the Lazarus Group’s use of cross-chain bridges has skyrocketed the use of this technique, resulting in a whopping 111% increase in funds sent via such services. 😱📈

🚀 The group has been on a hacking spree since June 2023, targeting various crypto platforms and making off with a whopping $240 million. 🎯💻

💣 But that’s not all! The Lazarus Group is a versatile threat actor, known for cyber espionage, cyber sabotage, and chasing financial gains. They’re even using “chain-hopping” to launder their loot. 🔄💰

🌊 Meanwhile, South Korea’s National Intelligence Service (NIS) warns of North Korea’s cyber attacks on its shipbuilding sector, using tactics like phishing emails and infecting IT maintenance company PCs. Be vigilant, folks! 👀🛡️

Stay safe in the crypto world, and keep an eye out for these sneaky cyber criminals! 💻



Chinese Hacker: I’ve got a Semi 🎯😈😈

🚨 Cybersecurity Alert: East Asia Semiconductor Firms Targeted! 🖥️🔒

🎯 Threat actors have been caught red-handed, targeting semiconductor companies in East Asia. They’re posing as the renowned Taiwan Semiconductor Manufacturing Company (TSMC) and using this disguise to deliver malicious Cobalt Strike beacons. 😱💻

🔓 How Do They Do It? These cybercriminals use a backdoor named HyperBro, then deploy attack simulation software and post-exploitation tools. They’ve also tried sneaky tactics like using an undisclosed malware downloader to launch Cobalt Strike, proving they’re quite clever. 🕵️‍♂️

☭ China Connection? Dutch cybersecurity experts from EclecticIQ believe this campaign is linked to China due to the use of HyperBro, a tool previously associated with the Lucky Mouse threat actor. 🐭

🕵️‍♂️ More Connections: There are tactical overlaps with another group called RedHotel and another named Earth Lusca. Seems like these cyber villains are well-connected.

📈 How They Trick You: They use a fake TSMC-themed PDF document as a decoy after infecting your system with HyperBro. Crafty, right? 📄

🛡️ Avoiding Detection: To dodge detection, the Cobalt Strike beacon’s server address is disguised as a legitimate jQuery CDN, sneaking past firewall defences. 🤖🔥

Global Impact: Meanwhile, Belgium is also on high alert for possible spying and interference activities by Chinese entities, including Alibaba, at Liège cargo airport. China’s influence is spreading far and wide. 🛡️

⚠️ U.S. Warning: The U.S. Department of Defense warns that China poses a significant cyber espionage threat, stealing tech secrets and compromising critical infrastructure. Cybersecurity is more crucial than ever! 💼

Stay vigilant, folks! Protect your systems, and be cautious of suspicious emails and documents. 🛡️📧
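
For defenders, here is a rough way to hunt for that jQuery-CDN disguise in web proxy logs. This is an added example, not code from EclecticIQ or from this newsletter; the log format, the sample lines, the `.example` hostnames and the one-entry allowlist are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only jQuery CDN host this organisation expects to see.
LEGIT_JQUERY_HOSTS = {"code.jquery.com"}

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url> <status>"
SAMPLE_LOG = """\
2023-10-09T08:01:12Z 10.0.4.17 GET https://code.jquery.com/jquery-3.3.1.min.js 200
2023-10-09T08:01:40Z 10.0.4.22 GET https://cdn-jquery.example/jquery-3.3.1.min.js 200
2023-10-09T08:02:05Z 10.0.4.22 POST https://cdn-jquery.example/jquery-3.3.2.min.js 200
2023-10-09T08:03:31Z 10.0.4.30 GET https://code.jquery.com.static.example/jquery.min.js 200
2023-10-09T08:04:02Z 10.0.4.31 GET https://CODE.JQUERY.COM./jquery-3.7.1.min.js 200
2023-10-09T08:05:10Z 10.0.4.40 GET https://intranet.example/app.js 200
"""

def normalise_host(url):
    """Lower-case the host and drop a trailing dot so comparisons are exact."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def review(line):
    """Return (client, host, reasons) for a suspicious line, else None."""
    _ts, client, method, url, _status = line.split()
    host = normalise_host(url)
    filename = urlsplit(url).path.lower().rsplit("/", 1)[-1]
    claims_jquery = "jquery" in host or "jquery" in filename
    if not claims_jquery or host in LEGIT_JQUERY_HOSTS:
        return None
    reasons = ["jQuery-themed request to a host outside the allowlist"]
    # "code.jquery.com.<something>" only borrows the trusted name as a prefix.
    if any(host.startswith(h + ".") for h in LEGIT_JQUERY_HOSTS):
        reasons.append("allowlisted name used only as a subdomain prefix")
    # Heuristic: static library files are normally fetched, not posted to.
    if method != "GET":
        reasons.append(f"{method} to a static script path")
    return client, host, reasons

def find_lookalikes(log_text):
    """Review every non-empty log line and collect the suspicious ones."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            result = review(line)
            if result:
                hits.append(result)
    return hits

if __name__ == "__main__":
    for client, host, reasons in find_lookalikes(SAMPLE_LOG):
        print(client, host, "; ".join(reasons))
```

Sites that legitimately self-host jQuery will also show up, so add approved hosts to the allowlist before treating hits as alerts.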


Hackers: What a difference a day makes… 24 little hours 🎶



🔒 Ransomware Attacks Strike Faster Than Ever! ⚡💻

A new threat report from cybersecurity company Secureworks reveals that cybercriminals are now deploying ransomware within a mere 24 hours after hacking into their victims’ systems. 😱🕒

Last year, it took them an average of 4.5 days to initiate ransomware attacks, but this has dramatically decreased. Secureworks warns that 2023 could be the year with the highest number of ransomware attacks ever recorded. 😬💼

In May 2023, there were three times more victims listed on leak sites compared to the same month the previous year, indicating the scale of the problem. However, these leak sites only represent a fraction of the actual victims known to law enforcement.

The report advises caution when using leak site data but emphasises that ransomware and data theft extortion remain a significant threat to businesses. 😓💰

Secureworks also found that in over 50% of cases, cybercriminals managed to execute their ransomware within just 24 hours of infiltrating a victim’s network. The median dwell time has sharply dropped from 4.5 days to much shorter intervals, with some ransomware attacks happening within just five hours of initial access. ⏳🚀

This trend is driven by cybercriminals seeking to reduce their chances of detection. The cybersecurity industry has become better at spotting precursor activities to ransomware attacks.

As a result, threat actors are opting for quicker and simpler operations, though the risk remains substantial. Stay vigilant, and protect your systems! 🛡️📈


So long and thanks for reading all the phish!
