North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Jun 14, 2024
Cyber Espionage / Cryptocurrency
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and Threat Analysis Group (TAG) divisions said in a joint report published this week. "Similar to their targeting interests in other regions, cryptocurrency and financial technology firms have been a particular focus, and at least three North Korean groups have targeted Brazilian cryptocurrency and fintech companies." Prominent among those groups is a threat actor tracked as UNC4899 (aka Jade Sleet, PUKCHONG, and TraderTraitor), which has targeted cryptocurrency professionals with a malware-laced trojanized Python app. The attack chains involve reaching out to pote