back to article North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation (GDPR) themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state …

  1. Anonymous Coward
    Anonymous Coward


    People still fall for this :-(

    1. Doctor Syntax Silver badge

      Re: Really?

      And they use the same PC for mail, or at least a PC on the same network, as the stuff they're administering.

      Malware is a fact of life. Computers as production machines are a fact of life. Letting one get through to the other doesn't have to be.

  2. chivo243 Silver badge


    in a document that could have\should have been in plain text? Wait, what am I saying, plain text looks like shit... Thanks MS for showing us the error in our ways!

  3. Pascal Monett Silver badge

    Enable Content

    You have to be a boob to go and enable content just to read a Word document. Whatever is enabled is just links and code, the actual content of the document does not need enabling to read it. On top of that, whatever links may be embedded generally pertain to the author's network, and you haven't a snowball's chance in Hell of being able to access it. So the only thing you'd be enabling is code you don't know.

    And this was a sysadmin <facepalm>.

    1. lglethal Silver badge

      Re: Enable Content

      And this was a sysadmin...

      who works in cryptocurrency.

      Purveyors of Snake Oil are just as likely to fall for other Snake Oil salesman's palaver as the general public...

      1. HildyJ Silver badge

        Re: Enable Content

        The user shall be with you always.

        As much as we decry AI, humans with real intelligence don't necessarily have common sense. Some people will click on and through anything. And it only takes one.

    2. Frank Bitterlich

      Re: Enable Content

      Not sure what the "facepalm" is about.

      The behavior of the targeted sysadmin? I see no mention in the article that (s)he actually fell for the trap.

      The fact that they (the authors, apparently APT38) sent out such badly disguised attacks? Normal procdure. Send that to 1000 people (whether IT security "professionals" or not), and you will definitely get a non-zero number of people falling for it.

  4. Paul 87

    2020 and people are *still* getting hurt by Word Macro viruses....

    Anyone else think that Word should have the feature removed entirely? No need for a doc to be anything other than formatted text

    1. Anonymous Coward
      Anonymous Coward

      @Paul 87 - It's an old disease

      It is called compulsive programming. Too many coders with too much time on their hands working on solutions searching for a problem.

      1. TchmilFan

        Re: @Paul 87 - It's an old disease

        See also TCP/UDP for Chrome

    2. c1ue

      It isn't clear that just "disabling" macros would do the trick.

      The interoperability of MS Office between its different sub-areas (Powerpoint, Excel, browser etc) via AJAX is never going to be secure - since AJAX enables delivery via Javascript libraries.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021