An American cybersecurity firm has reported that South Korean cryptocurrency exchanges and users lost money in late 2017 as a result of North Korea's state-sponsored hacking.
The firm Recorded Future said in a report that North Korea-backed hacking group Lazarus Group carried out the spear phishing campaign against both cryptocurrency users and exchanges, as well as South Korean college students interested in foreign affairs.
The report, entitled "North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign," says the hacking took place before North Korean leader Kim Jong Un's New Year's speech and subsequent North-South dialogue.
The malware used to target Coinlink, a South Korea-based cryptocurrency exchange, was Destover malware. It is the same type of malware used against Sony Pictures Entertainment in 2014 and the first WannaCry ransomware attack in February 2017.
However, Coinlink has reportedly denied any such attacks from North Korea.
North Korean state-sponsored cyber operations are largely clustered within the Lazarus Group umbrella. Also known as Hidden Cobra by the U.S. government, Lazarus Group has conducted operations since at least 2009, when they targeted U.S. and South Korean websites.
Since 2016, North Korean operations focused attacks against financial institutions to steal money and generate funds for the Kim regime.
By 2017, North Korea eyed the cryptocurrency bandwagon, the report says.
Recorded Future's outlook for 2018 is that as South Korea responds to these attempted thefts by increasing security and possibly banning cryptocurrency trading, they will become harder targets, forcing North Korean actors to look to exchanges and users in other countries as well.
For comments and feedback: editorial@rttnews.com