North Korean hackers are displaying a “startup mentality” as they experiment with new methods to pull off cryptocurrency heists, a report by cybersecurity firm Proofpoint said Wednesday.
The Sunnyvale, Calif.-based firm said a group it identifies as TA444, which overlaps with infamous hacker collective Lazarus, launched a massive wave of phishing attacks in December targeting the financial, education, government and healthcare sectors in the United States and Canada.
The group’s emails used approaches, including efforts to gain users’ passwords and login information, that differed from tactics researchers had previously associated with it.
“This sprawling credential harvesting activity is a deviation from normal TA444 campaigns, which typically involve the direct deployment of malware,” the report said.
The hackers used email marketing tools to help avoid phishing filters and created content such as job offers and salary adjustments to lure targets. They also relied on the social networking service LinkedIn to engage with victims before delivering links to malware, the researchers said.