North Korean hacking activities focused on Seoul’s cryptocurrency exchanges appear to be growing, a new report says
Cryptocurrencies and blockchain-based applications are revolutionizing the way people trade and were expected to provide a highly secure system. However, they are still not hack-proof, as various incidents show; the most recent is the attack on crypto mining service NiceHash, in which hackers stole over $60 million in users’ funds.
North Korea’s involvement in major hacking offensives appears to be growing.
The country has been linked to a recent attack on South Korean cryptocurrency exchanges, according to cybersecurity experts.
A new report from the US cybersecurity firm Recorded Future indicates that a recent attack on South Korean cryptocurrency exchanges was perpetrated by Lazarus, a North Korean hacking group responsible for various hacking attacks and security breaches on Coinlink, a South Korean cryptocurrency exchange.
The group has been conducting operations since at least 2009, when they launched an attack on US and South Korean websites by infecting them with a virus known as MyDoom, the report said. The group has mainly targeted South Korean, US government, and financial entities, but has also been linked to the major attack on Sony Pictures in 2014.
In 2017, the group began targeting cryptocurrencies, and their first offensive was aimed at Bithumb, one of the world’s largest bitcoin exchanges. Lazarus hackers stole $7 million in the Bithumb heist at the time, according to the report.
Key Judgements
- North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue.
- This campaign also targeted South Korean college students interested in foreign affairs and part of a group called “Friends of MOFA” (Ministry of Foreign Affairs).
- The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.
- The dropper in this campaign exploited a known Ghostscript vulnerability, CVE-2017-8291. The exploit implementation includes Chinese terms possibly signifying an attempted false flag or a Chinese exploit supplier.