PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Watch Out, North Korea Wants Your Bitcoin

A phishing email that targets the cryptocurrency industry has been linked to the Lazarus Group, a shadowy hacking collective believed to work for North Korea.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Bitcoin experts beware. North Korean hackers are probably trying to fool you into installing malware. A new phishing email campaign that targets the cryptocurrency industry has been linked to a shadowy hacking collecting believed to work for North Korea.

SecurityWatchThe warning comes from security firm Secureworks. The English-written email pretends to offer a job opening for a CFO position at a London-based Bitcoin company. But a Microsoft Word attachment in the email can secretly install malicious code onto your computer.

Once opened, the Word doc will prompt the victim to accept the "Enable Editing," and "Enable Content" functions in Microsoft Word. Doing so activates a software macro that'll install a Remote Access Trojan, which can download additional malware onto your computer.

SecureWorks is blaming the attacks on the Lazarus Group, a North Korean hacking team that may have been behind the 2014 Sony Pictures breach.

SecureWorks North Korea

North Korea has been interested in Bitcoin for sometime. IP addresses from the country have been found conducting research into the cryptocurrency as far back as 2013, according to SecureWorks.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

Experts say North Korean hackers are probably after Bitcoin to fund the country's government, which is facing heavy economic sanctions from governments across the world. So far, hackers from the country have targeted four different virtual currency exchanges in South Korea by sending out phishing emails.

With Bitcoin's value reaching $17,000, expect North Korea's interest in looting the cryptocurrency to remain high. SecureWorks said this latest phishing email campaign—sent in late October—is probably ongoing.

SecureWorks is linking the phishing attack to North Korea based on findings in the malware and how it triggers. The various components share some of the same coding techniques found in past Lazarus Group attacks, the security firm said.

SecureWorks is warning cryptocurrency companies to be aware of threat. Although the companies have become a go-to destination for investors to buy and mine Bitcoin, they're also a major target for hackers.

Earlier this month, a Bitcoin mining site called NiceHash was robbed of over 4,700 bitcoins, which is now valued at $83 million. The hackers somehow gained remote access to a company computer and stole an employee's credentials.

For consumers investing in bitcoin or other cryptocurrencies, it's best to use two-factor authentication and a strong unique password with whatever virtual exchange currency you use.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio