Lazarus hackers used phishing domains to target NFT investors

January 11, 2023
Tags: Lazarus Hackers, Phishing Domains, NFT, Cryptocurrency, Fraud Prevention

Researchers have attributed a large-scale phishing operation targeting NFT investors to Lazarus, the North Korean state-sponsored APT group. According to the reports, the campaign was first spotted last September and has been tracked by researchers since then.

The researchers explained that the phishing operators set up about 500 decoy websites hosting malicious NFT mints. The decoy sites spoof well-known NFT marketplaces such as Rarible, OpenSea, and X2Y2 to lure targets.
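Spotting a decoy marketplace domain before a wallet is connected to it is the practical defence this paragraph implies. As an added example (not part of the original report and not the researchers' code), the following Python script classifies hostnames as legitimate, lookalike, or unknown for the marketplaces named above. The brand-to-domain map is an assumption about which brands to protect, the public-suffix handling is deliberately naive, and every sample domain except thedoodles[.]site (which the article names) is constructed for illustration.

```python
"""Flag hostnames that impersonate NFT marketplace brands.

Added example, not from the article or the researchers' report.
Sample domains other than thedoodles[.]site are constructed.
"""
from __future__ import annotations

# Brands the article says the decoy sites spoof, mapped to their real
# registrable domains (general knowledge, assumed here for the check).
BRANDS = {
    "opensea": "opensea.io",
    "rarible": "rarible.com",
    "x2y2": "x2y2.io",
}

# Digit-for-letter swaps commonly used in lookalike labels (0pensea, rar1ble).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 'thedoodles[.]site' into a plain hostname."""
    return ioc.strip().lower().replace("[.]", ".").replace("(.)", ".")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Production code should use the Public Suffix List."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ioc: str) -> tuple[str, str | None]:
    """Return (verdict, brand). Verdict is 'legitimate', 'lookalike' or 'unknown'."""
    host = refang(ioc)
    reg = registrable_domain(host)
    normalized = host.translate(HOMOGLYPHS)
    label = registrable_domain(normalized).split(".")[0]

    # The real domain or one of its subdomains: checked on the raw host,
    # before any normalisation, so 0pensea.io cannot pass as opensea.io.
    for brand, legit in BRANDS.items():
        if reg == legit:
            return ("legitimate", brand)

    for brand in BRANDS:
        # Brand embedded anywhere in the host: opensea-mint.xyz,
        # login.rarible.com.evil-site.net, or a homoglyph variant.
        if brand in normalized:
            return ("lookalike", brand)
        # Typosquat on the registrable label; typo budget scales with brand length.
        budget = 2 if len(brand) >= 6 else 1
        if levenshtein(label, brand) <= budget:
            return ("lookalike", brand)

    return ("unknown", None)


def scan(hosts: list[str]) -> dict[str, tuple[str, str | None]]:
    """Classify a batch of indicators, e.g. domains pulled from a phishing feed."""
    return {h: classify(h) for h in hosts}


if __name__ == "__main__":
    # Constructed sample feed; only thedoodles[.]site comes from the article.
    SAMPLE = [
        "opensea.io",
        "api.opensea.io",
        "opensea-mint[.]xyz",
        "0pensea.io",
        "opensae.com",
        "login.rarible.com.evil-site.net",
        "x2y2-drop.com",
        "thedoodles[.]site",
    ]
    for host, (verdict, brand) in scan(SAMPLE).items():
        print(f"{host:35} {verdict:10} {brand or '-'}")
```

The last sample shows the limit of brand-based matching: thedoodles[.]site impersonates an NFT project that is not in the brand list, so it comes back as unknown. A feed like this only catches what you enumerate, which is why the verdict should be combined with domain age and certificate data rather than used alone.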

In a related lure, the operators of this campaign also posed as part of a project connected to the recently concluded World Cup in Qatar.

During the early phase of the campaign, the APT group monitored and recorded visitor data through a domain called thedoodles[.]site.

The phishing operation starts once an NFT investor takes the bait in a malicious email.

An investigation revealed that the Lazarus campaign begins by sending targeted NFT investors spam emails containing links to legitimate-looking pages.

If an investor clicks the link or button in the email, they are redirected to a fake website with the same branding and layout as the spoofed marketplace.

The site then asks the investor for personal information and investment details, which it forwards to the attackers.

This gives the APT group complete access to the victims' assets, including their approval records and signed data: once a victim has approved a token transfer or signed a message on the fake site, the attackers can reuse that approval or signature against the victim's wallet.

NFT-related attacks have steadily increased over the past few months, leaving many experts concerned about the health of the ecosystem. A couple of months ago, a threat group delivered the Remcos RAT in the first stage of an attack and the Eternity Stealer in the next phase.

That campaign targeted cryptocurrency users and NFT communities on Discord and other public forums. Such campaigns can do serious damage to these communities, since more investors are drawn in by the profits they currently make from these assets.

Security experts advise NFT investors to improve their security awareness and their ability to spot phishing attempts, for example by checking that a marketplace's domain matches the real one before connecting a wallet or signing anything, to avoid losing funds.
