North Korean-linked threat actors are targeting Web3 and cryptocurrency companies with Nim-based malware called NimDoor, which employs advanced persistence and communication techniques. They also use social engineering and multi-stage attack chains on macOS and Windows to steal data and maintain control of compromised systems. #NorthKorea #NimDoor
Key points
- Threat actors associated with North Korea are developing sophisticated Nim-based malware for targeted attacks.
- The malware uses process injection, encrypted WebSocket communications, and a unique persistence mechanism to evade detection.
- Attack chains involve social engineering tactics via Telegram and email to deceive targets into executing malicious scripts.
- Malware components can harvest credentials, exfiltrate system data, and re-establish persistence even after the user terminates the malicious process.
- Kimsuky and other North Korean groups continuously adapt their tactics, leveraging GitHub and cloud services for stealthy operations.
Read More: https://thehackernews.com/2025/07/north-korean-hackers-target-web3-with.html