North Korean Hackers Stole Cryptocurrency Funds From South Korea
North Korean hackers have activated themselves and now targeting South Korea’s cryptocurrency agencies. Titled “North Korea Target South Cryptocurrency” the North Korean hackers directed at Seol’s financial system. According to Recorded Future, this is the handy work of US-based cyber security firm. The claim is yet to be confirmed.
Lazarus group is said to be the focal point for creating this campaign. Recorded Future again is said to be aiming at South Korean cryptocurrency exchange Coinlink. The malware code is the same that was used in busting Sony Pictures security breach and the WannaCry Ransomware attack.
The report reads “North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue. The malware employed shared code with Destover malware, which was used for Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.”
It was in February last year 2017, when the world’s second largest cryptocurrency exchange Bithumb, noted a fall in their trading volume, only to realize that they have fallen victim to the security breach. The $7 million user funds mostly in Bitcoins were swindled off.
According to the reports, the North Korean hackers have started working on this campaign since the start of 2016 to raise money for themselves. They later shifted their focus to cryptocurrencies in 2017.
Lee Dong-Geun, chief analyst at Seoul-based Korea Internet Security Center, said that North Korean hackers have effectively shifted their operations to financial targets from the usual government installations.
The chief analyst at Seol Internet Security Center Lee Dong-Geun said that North Korean hackers are desperate to attack the financial operation, mainly government installation. Lee also warned that the threat looms large on the private organization after they are done with government institute. This will be followed by stealing bitcoin and other cryptocurrencies from people all over the world, researchers have warned.
As said by Recorded Future “Outside of the May WannaCry attack, the majority of North Korean cryptocurrency operations have targeted South Korean users and exchanges, but we expect this trend to change in 2018.”
At the time, local investigators stated that they have found evidence to link the YouBit security breach to North Korean hackers. FireEye senior analyst Luke McNamara also told Bloomberg that similar tools widely utilized by North Korean hackers were employed in the YouBit hacking attack.
“This an adversary that we have been watching become increasingly capable and also brazen in terms of the targets that they are willing to go after. This is really just one prong in a larger strategy that they seem to be employed since at least 2016, where they have been using the capability that has been primarily used for espionage to actually steal funds.”
Kevin Jones949 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.