North Korean hacking activities focused on Seoul’s cryptocurrency exchanges appear to be growing, a new report says
Cryptocurrencies and blockchain-based applications are revolutionizing the way people trade and are expected to provide a most secure system – until now. However, they are still not hacking proof as cited in various incidents, most recent amongst them is the attack on crypto mining service Nicehash where hackers stole over $60 million in users’ funds.
North Korea‘s involvement in major hacking offensives appears to be growing.
The country has been linked to a recent attack on South Korean cryptocurrency exchanges, according to cybersecurity experts.
As of now, a new report from the US cybersecurity firm Recorded Future indicates that a recent attack on South Korean cryptocurrency exchanges, was perpetrated by Lazarus, a North Korean hacking group responsible for various hacking attacks and security breaches on Coinlink, a South Korean cryptocurrency exchange.
The group has been conducting operations since at least 2009, when they launched an attack on US and South Korean websites by infecting them with a virus known as MyDoom, the report said. The group has mainly targeted South Korean, US government, and financial entities, but has also been linked to the major attack on Sony Pictures in 2014.
In 2017, the group began targeting cryptocurrencies, and their first offensive was aimed at Bithumb, one of the world’s largest bitcoin exchanges. Lazarus hackers stole $7 million in the Bithumb heist at the time, according to the report.
Download the Report
- North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue.
- This campaign also targeted South Korean college students interested in foreign affairs and part of a group called “Friends of MOFA” (Ministry of Foreign Affairs).
- The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.
- The dropper in this campaign exploited a known Ghostscript vulnerability, CVE-2017-8291. The exploit implementation includes Chinese terms possibly signifying an attempted false flag or a Chinese exploit supplier.