New report: North Korean hackers steal funds from South Korean cryptocurrency exchanges

The US cybersecurity firm Recorded Future has released a new report linking Lazarus, a North Korean hacking group, to attacks on South Korean cryptocurrency exchanges and users.

In a report titled "South Korean Cryptocurrency Users and Exchanges Targeted in North Korea in 2017", the firm's researchers said the same type of malware had been used in the Sony Pictures and WannaCry security breaches. "North Korean government actors, especially Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, ahead of Kim Jong Un's New Year's speech and the North-South dialogue. The malware used code shared with the Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first victim of WannaCry in February 2017," the report read.

$7 mln stolen from Bithumb

In February 2017, Bithumb, the world's second largest cryptocurrency exchange by daily trading volume, suffered a security breach that resulted in the loss of approximately $7 million of user funds, mainly in Bitcoin and Ether.

The report released by Recorded Future noted that Bithumb's $7 million security breach was linked to North Korean hackers. Researchers at Insikt Group, a team of cybersecurity researchers who closely monitor the activities of North Korean hackers, revealed that Lazarus Group in particular used a wide range of tools, from spear phishing attacks to the distribution of malware, to gain access to cryptocurrency.

Insikt Group researchers revealed that hackers from the Lazarus Group had launched a massive malware campaign in the fall of 2017. Since then, North Korean hackers have focused on spreading malware.

One method employed by Lazarus Group was the e-mail distribution of Hangul Word Processor (HWP) files, the South Korean equivalent of Microsoft Word documents, carrying malicious software. If a cryptocurrency user downloads the malware, it installs itself autonomously and runs in the background, taking control of or manipulating data stored on the device.

"By 2017, North Korean actors had jumped on the cryptocurrency train. By the end of 2017, several researchers had reported additional spear phishing campaigns against South Korean cryptocurrency, many successful thefts, and even the mining of Bitcoin and Monero, with the theft of 7 million dollars," wrote researchers from the Insikt Group.

Motivation of North Korean hackers

Before the release of the Recorded Future report, researchers at several other cybersecurity firms had attributed six targeted cyber-attacks against South Korean cryptocurrency exchanges to state-funded hackers based in North Korea. More recently, as Cointelegraph reported, police investigators and the Korea Internet and Security Agency opened a thorough investigation into a security breach that led to the bankruptcy of YouBit, a South Korean cryptocurrency trading platform. Investigators said they had found evidence linking the YouBit security breach to North Korean hackers. FireEye senior analyst Luke McNamara also told Bloomberg that tools similar to those widely used by North Korean hackers were used in the YouBit attack:

"This adversary that we are watching becomes more and more targets than they are ready to go after. This is really only one element of a broader strategy that they seem to have used since at least 2016, where they used capabilities that were primarily used for espionage to steal funds."