North Korean hackers are attempting to steal cryptocurrency from users of Upbit, a major South Korean digital currency exchange, through a phishing attack, according to a report by cybersecurity firm East Security.
The hackers launched the attack on Upbit users on the 28th of May using a phishing email, said the report. An investigation of the email's source found that it had come from somewhere else and had not originated from an Upbit server.
The email claimed to contain information about a transaction (payment) made on the platform, but it ran malicious code once the document was opened. The investigating cybersecurity firm found that the code sent all data stored on the user's computer, including login details and the private key, to the hackers. The remote user then controlled the computer to get into the digital exchange platform.
North Korean hacker troupe Kim Soo-ki was suspected to have launched the attack, according to the cybersecurity firm. After analyzing the attacking tool and malicious code, East Security center head Mun Jong-hyun disclosed that the attack was from the suspected North Korean hacker group. A hack was attempted on a Korean government agency in January by the suspected group using the same technique, Jong-hyun added.
Coinlink, another South Korean cryptocurrency exchange platform, recently experienced a similar attack, in which the hackers used the same type of tactics to obtain users' login credentials. However, a Coinlink spokesperson later disclosed that the hacking attempt was not from North Korea.
Spear Phishing now prominent in Cryptocurrency hacks
The advent of varying cybersecurity measures involving identity verification and KYC has turned the attention of hackers to thefts involving completely anonymous transactions. A spear phishing attack involves sending emails with malicious documents to users. Once the user opens the document, the malware sends all the information stored on the computer to the hacker.
Cryptocurrency theft has increased due to the recent upsurge in the value of Bitcoin and other cryptocurrencies, said Mun Jong-hyun. In the Upbit attack, the antivirus software was not able to detect the malicious file because the hackers named the malware “UPBIT” and protected it with a password.
Though no damage has been reported so far, the East Security center head has asked users of the platform and others to protect themselves from cyber-attacks by not opening any suspicious files.
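A mail-gateway triage check for the two traits the report describes, a message that claims to be from the exchange but was sent from elsewhere, and a password-protected attachment that antivirus cannot scan. This is an added example, not code from East Security or Upbit; the domains, the `.docx` file name, the attachment bytes and the assumption that the file is an encrypted Office document or ZIP are all constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")          # OLE compound file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")    # stream in encrypted Office files

def is_password_protected(data: bytes) -> bool:
    """True when the attachment body is encrypted, so a scanner cannot inspect it."""
    if data.startswith(OLE_MAGIC):
        return ENC_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(info.flag_bits & 0x1 for info in zf.infolist())  # bit 0 = encrypted
        except zipfile.BadZipFile:
            return False
    return False

def sender_domain(msg) -> str:
    return parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()

def triage(raw: bytes, brand: str, trusted_domain: str) -> list[str]:
    """Return reasons to quarantine a message that claims to come from `brand`."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    dom = sender_domain(msg)
    trusted = dom == trusted_domain or dom.endswith("." + trusted_domain)
    claimed = brand.lower() in f"{msg['From']} {msg['Subject']}".lower()
    if claimed and not trusted:
        findings.append(f"claims {brand} but was sent from {dom or 'unknown'}")
    for part in msg.iter_attachments():
        if is_password_protected(part.get_payload(decode=True) or b""):
            findings.append(f"encrypted attachment cannot be scanned: {part.get_filename()}")
    return findings

def build_sample() -> bytes:
    """Constructed message: placeholder domains, fake OLE bytes instead of a real document."""
    m = EmailMessage()
    m["From"] = "Upbit <notice@payments-mail.example>"
    m["To"] = "user@customer.example"
    m["Subject"] = "Payment confirmation"
    m.set_content("Please open the attached statement.")
    m.add_attachment(OLE_MAGIC + b"\x00" * 64 + ENC_STREAM,
                     maintype="application", subtype="octet-stream", filename="UPBIT.docx")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample(), "Upbit", "exchange.example"):
        print(finding)
```

The `From` header can itself be forged, so in production this check belongs alongside SPF, DKIM and DMARC results rather than in place of them.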
North Korean computer jocks have, over the last few months, repeatedly targeted South Korean users to steal cryptocurrency. It’s very likely that they are aiming to acquire Bitcoin, Monero and other digital coins from the users.