A June 13 threat intelligence report from Google Cloud exposed a wave of cyberattacks by North Korean hackers targeting cryptocurrency exchanges, fintech companies, and individuals in Brazil. The report identifies the North Korean hacking group Pukchong as the culprit behind the attacks. Cybercriminals are using malicious software disguised as a crypto price tracker to lure victims into downloading malware that gives attackers control over systems and enables the retrieval of harmful payloads.
In addition to Pukchong, other North Korean hacking groups, such as GoPix and URSA, were found to be actively targeting Brazilian cryptocurrency firms using similar malware attacks. Google threat intelligence revealed that North Korean groups have targeted Brazil’s cryptocurrency firms, aerospace, defense, and government entities, while Chinese government-backed cybercriminals focus on government organizations and the energy sector. These attacks have raised concerns over the security of cryptocurrency wallets and exchanges, which are constantly targeted by hackers.
Brazil’s digital boom has made it a rewarding target for cybercriminals, as its thriving economy and digital payment market provide ample opportunities for exploitation. Ransomware groups that previously targeted North America and Europe have now turned their attention to Brazil, with ransomware-as-a-service gang RansomHub identifying the country as its second most-targeted country on its leak site. These threats highlight the vulnerability of Brazil’s digital landscape to cyber attacks from both local and foreign threat actors.
Trust Wallet recently warned about a zero-day exploit targeting iOS users that could allow hackers to gain unauthorized access to users’ data. The crypto wallet provider advised users to disable iPhone iMessage until Apple fixes the gap. Similarly, cybersecurity firm Kaspersky uncovered that the North Korean hacking group Kimsuky deployed malware targeting South Korean crypto firms in May 2024. The malware named “Durian” allows for the execution of delivered commands, additional file downloads, and exfiltration of sensitive files.
Google’s threat analysis emphasizes the need for increased cybersecurity measures in Brazil to defend against cyber threats targeting its cryptocurrency industry and digital infrastructure. The combination of Google TAG and Mandiant expertise provides valuable insights into Brazil’s unique threat landscape. As the country continues to experience a digital transformation, it is crucial for organizations and individuals to remain vigilant against cyber threats and take proactive steps to safeguard their data and systems from potential attacks.
