Don’t be a castaway in this latest spear phishing attack

Feb 13 2023


Welcome to Gone Phishing, your daily newsletter that starts more watercooler chats than a Sam Smith music video.

Today’s hottest cyber security stories:

  • Reddit gets Spear-phished!
  • Job hunted! Russian scammers phish for would-be workers
  • Crypto-jacked! N. Korea infects US healthcare infrastructure


Last Sunday, the massively popular social interest/news sharing forum Reddit was hacked in what it has since described as a “sophisticated” phishing attack. Reddit boasts 50 million daily users!

Employees of the site were lured to a fake intranet landing page and asked for credentials and two-factor authentication tokens.

Reddit said it first became aware of the successful breach of its systems late on February 5th.

Only takes one!

After one employee fell victim to the phishing attack, the hacker was able to breach internal Reddit systems to steal data and source code.

The attack was dubbed an instance of “sophisticated” spear-phishing. No shame in being spear-phished, right? Wrong. This all smells a bit phishy (sorry) to us.

The whole ‘sophisticated spear-phishing’ thing sounds like a face-saving exercise. Okay, some phishing attempts are better than others, admittedly… But none of them are great, are they? None of them (that we’ve seen, anyway!) pass the smell test upon closer inspection.

They require the ‘fish’, if you will, to be either stupid or (more commonly) not paying attention. Sorry Reddit employee who clicked the link in the offending email, that means you! One caveat for the defenders reading, though: a lookalike page that asks for the 2FA code as well as the password can relay both to the real site within the code’s validity window, so an app or SMS code is no safety net once someone has bitten. Only phishing-resistant MFA, such as a FIDO2 security key whose credential is bound to the real domain, stops the relayed login.
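To make that caveat concrete, here is an added example (not from the newsletter or from Reddit) that simulates both flows: a lookalike page harvesting a password plus a TOTP code and replaying them to the real intranet, and the same relay attempted against an origin-bound authenticator. The origins, user, secrets and both "servers" are constructed, and the security key is stood in for by an HMAC secret so the example runs offline.

```python
"""Added example (not from the newsletter or from Reddit): why a lookalike
login page that harvests the password *and* the 2FA code beats TOTP, and why
an origin-bound authenticator (FIDO2/WebAuthn style) does not.  All servers,
origins, users and keys here are constructed."""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://intranet.example.com"    # assumed legitimate site
PHISH_ORIGIN = "https://intranet-example.com"   # assumed lookalike site


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, then truncate."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class TotpServer:
    """The real intranet: password plus a code from the current or an
    adjacent 30-second window (the usual clock-skew allowance)."""

    def __init__(self, password: str, secret: bytes):
        self.password, self.secret = password, secret

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(password, self.password):
            return False
        return any(hmac.compare_digest(code, totp(self.secret, now + d))
                   for d in (-30, 0, 30))


def phish_totp(server, victim_password, victim_secret, now, relay_delay=20):
    """The phishing page asks for password and code exactly as the real page
    would; the attacker replays both a few seconds later and gets in."""
    captured = (victim_password, totp(victim_secret, now))
    return server.login(*captured, now=now + relay_delay)


class Authenticator:
    """Stand-in for a security key.  A real key signs with a per-site private
    key; an HMAC secret is used here to stay offline.  The point is that the
    browser-reported origin is inside the signed data and the page cannot
    choose it."""

    def __init__(self, credential: bytes):
        self.credential = credential

    def sign(self, origin: str, challenge: bytes) -> bytes:
        client_data = origin.encode() + challenge
        return hmac.new(self.credential, client_data, hashlib.sha256).digest()


class WebAuthnServer:
    """The real intranet using the origin-bound flow."""

    def __init__(self, credential: bytes):
        self.credential = credential
        self.pending: set[bytes] = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(32)
        self.pending.add(c)
        return c

    def login(self, origin: str, challenge: bytes, signature: bytes) -> bool:
        if challenge not in self.pending:
            return False                      # replayed or unknown challenge
        self.pending.discard(challenge)
        expected = hmac.new(self.credential, origin.encode() + challenge,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(signature, expected):
            return False
        # The origin the victim actually typed into is part of what was
        # signed, so a relayed assertion still says "intranet-example.com".
        return origin == REAL_ORIGIN


def legit_webauthn(server, key):
    challenge = server.challenge()
    return server.login(REAL_ORIGIN, challenge, key.sign(REAL_ORIGIN, challenge))


def phish_webauthn(server, key):
    """Attacker proxies the real challenge to the victim, who signs it on the
    lookalike site.  Relaying it as-is fails the origin check; rewriting the
    origin to the real one breaks the signature.  Returns both outcomes."""
    challenge = server.challenge()
    as_is = server.login(PHISH_ORIGIN, challenge, key.sign(PHISH_ORIGIN, challenge))
    challenge = server.challenge()
    rewritten = server.login(REAL_ORIGIN, challenge, key.sign(PHISH_ORIGIN, challenge))
    return as_is, rewritten
```

In a real deployment the browser would not even offer the credential on the lookalike domain, because WebAuthn credentials are scoped to a relying-party ID; the server-side origin check shown here is the second line of defence the spec requires.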

Hold up, what’s Spear-phishing?

It’s actually a pretty on-point bit of verbiage. So, a classical phishing attack is a bit like a commercial fishing operation wherein a giant net is cast and the fishermen basically hope for the best.

This is the equivalent of a scammer sending out thousands of the same email to all sorts of different people, hoping that a few may ‘bite’. It may be effective due to the sheer scale but let’s face it, there’s not much finesse involved.

Spear-fishing obviously involves more precision as it targets specific fish; or, in the case of spear-phishing, people, or groups (Groupers? Schools? Anyone?) of people. Got it? Good!


Russian hackers must have noticed that, for their neighbors to the west, no job is too small… Or too suspicious!

The crafty Russians have pitted Eastern Europeans’ work ethic against them in this latest phishing scam, which reels victims in with fake job opportunities.

Everyone knows eastern Europeans never turn down work. But, in a cruel twist of fate, this admirable trait has been exploited by scammers for financial gain.

The Russians, it seems, aren’t work shy either, mind. Well, that is when it comes to dreaming up new scams!

Upon opening the “job offers”, these poor, unsuspecting crypto-industry workers are tricked into installing information-stealing malware.

Offending parties:

  • Enigma
  • Vector
  • TgToxic

Diary of infection:

The intricate infection journey starts with a rogue RAR archive file that’s distributed via phishing or social media platforms.

It contains two documents, one of which is a .TXT file that includes a set of sample interview questions related to cryptocurrency.

The second file is a Microsoft Word document that, while serving as a decoy, is tasked with launching the first-stage Enigma loader, which, in turn, downloads and executes an obfuscated secondary-stage payload through Telegram. Scary stuff!
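The chain above (Office document spawns a loader, loader fetches its next stage through Telegram) is the kind of thing endpoint telemetry catches even when the archive itself slips past mail filtering. The following is an added example, not from the newsletter or from Trend Micro’s write-up, of a detection pass over constructed Sysmon-like process and network events; the Telegram API host, the file paths and the "dropped binary lives in a user-writable directory" heuristic are all assumptions.

```python
"""Added example (not from the newsletter or from Trend Micro's write-up):
a detection pass over constructed endpoint telemetry for an Office document
that spawns a dropped binary which then talks to Telegram for its next stage.
The event schema is a simplified Sysmon-like one; host names, paths and the
directory heuristic are assumptions."""

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
TELEGRAM_HOSTS = {"api.telegram.org"}                       # assumed C2 channel
DROP_DIRS = ("\\downloads\\", "\\temp\\", "\\appdata\\")    # assumed staging dirs

# Constructed sample telemetry, in time order.  pid 1520 is the malicious
# chain; 1700 (Telegram Desktop) and 1800 (print helper) are benign noise.
EVENTS = [
    {"type": "process", "pid": 1400, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 1520, "ppid": 1400,
     "image": r"C:\Users\a\AppData\Local\Temp\Interview_Questions.exe"},
    {"type": "network", "pid": 1520, "dest_host": "api.telegram.org", "dest_port": 443},
    {"type": "process", "pid": 1700, "ppid": 900,
     "image": r"C:\Users\a\AppData\Roaming\Telegram Desktop\Telegram.exe"},
    {"type": "network", "pid": 1700, "dest_host": "api.telegram.org", "dest_port": 443},
    {"type": "process", "pid": 1800, "ppid": 1400,
     "image": r"C:\Windows\splwow64.exe"},
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_ancestor(procs: dict, pid: int, max_depth: int = 4):
    """Walk up the parent chain looking for an Office process.  Loaders often
    add a hop or two (cmd.exe, a second stage) before anything goes online,
    so a direct parent check alone would miss them."""
    for _ in range(max_depth):
        proc = procs.get(pid)
        if proc is None:
            return None
        parent = procs.get(proc["ppid"])
        if parent is None:
            return None
        if basename(parent["image"]) in OFFICE_IMAGES:
            return parent
        pid = parent["pid"]
    return None


def detect(events):
    """Return (rule, pid) alerts.  Two rules: an Office descendant started
    from a user-writable directory, and an Office descendant contacting
    Telegram.  Telegram Desktop alone trips neither, because it has no
    Office process above it."""
    procs, alerts = {}, []
    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev
            if office_ancestor(procs, ev["pid"]) and any(
                    d in ev["image"].lower() for d in DROP_DIRS):
                alerts.append(("office_spawned_dropped_binary", ev["pid"]))
        elif ev["type"] == "network" and ev["dest_host"] in TELEGRAM_HOSTS:
            if office_ancestor(procs, ev["pid"]):
                alerts.append(("office_descendant_contacts_telegram", ev["pid"]))
    return alerts


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"ALERT {rule} pid={pid}")
```

The print-helper child (splwow64.exe) is a common legitimate child of Word and is deliberately in the sample so the directory heuristic, not the parent relationship alone, is what separates it from the loader.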


It’s a shame the United States doesn’t have Donald Trump anymore to fly over and give old Kim Jong Un a kiss and a cuddle like he used to, because North Korea seems hellbent on targeting the old U.S. of A in all manner of crypto-jacking operations!

Tracked, hacked, and crypto-jacked!

So, the latest is another (another?!) wave of ransomware attacks orchestrated by North Korean threat actors, flagged in a joint advisory from the US and South Korean governments.

The attacks, which demand crypto ransoms in exchange for regaining access to encrypted files, are executed to support North Korea’s priorities and objectives on a national level.

So, yeah… think nuclear weapons! Don’t worry, though, they’re just for hunting deer.

Your money or your… healthcare!

Specifically, these crypto stickups have been targeting American and South Korean healthcare infrastructure, along with “critical infrastructure facilities”.

Uh-oh US and S. Korea, that stuff sounds kind of important.

North Korean threat actors have been linked to espionage, financial theft, and cryptocurrency heists for years.

This includes the infamous (in certain circles, at least) WannaCry ransomware attacks of 2017 that infected hundreds of thousands of machines located in over 150 countries. Yikes!

North Korean hackers stole record-breaking virtual assets (crypto, mostly), estimated to be worth between $630 million and more than $1 billion in 2022, according to the UN.

So long and thanks for reading all the phish!
