North Korean Hacker Groups Employing New Methods to Target Web3 Companies

North Korean hacker groups are developing new tactics to target Web3 companies, including methods aimed at infecting Apple systems. Social engineering is also becoming more prevalent in these attacks, which shows how well prepared these operations are.


New Methods from North Korean Hackers: Nim Malware and ClickFix

North Korean hacker groups are increasingly adopting new methods to exploit vulnerabilities and gain access to the systems of Web3 companies. One such method, identified as NimDoor, specifically focuses on infecting Apple systems due to their popularity.

According to The Hacker News, the attack involves communicating with targets using social engineering and arranging meetings through video conferencing software like Zoom. The invitation sent for the Zoom call includes a link that prompts the user to update their Zoom software to the latest version.

In reality, the supposed update delivers a script that allows attackers to collect system information and execute arbitrary code, thereby opening the infected system to remote management. Researchers emphasized that this demonstrates how North Korean hackers are leveraging the capabilities of Apple systems to execute their attacks. SentinelOne researchers Phil Stokes and Raffaele Sabato explained:

“Nim’s ability to run functions during compilation allows attackers to blend more complex behaviors into a binary with less obvious control flow, resulting in compiled binaries where developer code and Nim runtime code are intertwined even at the function level.”

Additionally, North Korean groups are employing other email-focused methods in a campaign researchers have named BabyShark. This method involves presenting fake documents crafted through social engineering to entice users into opening them. The documents are reportedly disguised as interview requests from legitimate newspapers, data requests from intelligence officials concerning visits to other countries, and diplomatic documents.

The situation can become even more dangerous when operators from these groups infiltrate targeted organizations, as has been documented in the past. According to blockchain security expert ZachXBT, operators in these groups have been paid over $16 million since early 2025 by posing as developers within these companies.
