North Korean Hackers Stole Funds From South Korean Cryptocurrency Exchanges

A new report from the US cybersecurity firm Recorded Future has surfaced which links Lazarus, a North Korean hacking group to various hacking attacks and security breaches on Coinlink, a South Korean cryptocurrency exchange.

The firm’s researchers stated that the same type of malware used in the Sony Pictures security breach and WannaCry ransomware attack was utilized to target Coinlink, a South Korea-based cryptocurrency exchange.

“North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue. The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017,” the report read.

$7 mln stolen from Bithumb

Back in February 2017, Bithumb the second largest cryptocurrency exchange in terms of daily trading volume suffered a security breach which resulted in the loss of around $7 mln of user funds.

The report released by Recorded Future noted that the $7 mln Bithumb security breach has been linked to North Korean hackers. Insikt Group researchers, a group of cybersecurity researchers that closely track the activities of North Korean hackers regularly, revealed that Lazarus Group, in particular, has used a wide range of tools from spear phishing attacks to malware distribution through communication platforms to gain access to cryptocurrency wallets and accounts.

The Lazarus attacks happened in late 2017, as the price of bitcoin began to hit new highs. Since then, North Korean hackers have focused on spreading malware by attaching files containing fraudulent software to gain access to individual devices.

One of the methods employed by Lazarus Group was the distribution of Hangul Word Processors (HWP) files through e-mail. This is equivalent to Microsoft Word, with malware attached. Once a cryptocurrency user downloads the malware it effectively takes control and manipulates data automatically.


Add comment