North Korean hackers behind attempted Bitcoin theft from South Korean exchanges
The Republic of Korea’s National Police Agency (NPA) has confirmed that North Korean hackers were behind the efforts to steal Bitcoins from various exchanges in South Korea.
The claim was made several weeks after cybersecurity company FireEye published its report on the attempted thefts.
In a blog post, FireEye senior cyber threat intelligence analyst Luke McNamara said that the hackers have targeted at least three digital currency exchanges in South Korea to steal funds.
“Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds. The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware … linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
In its report issued in late September 2017, the NPA confirmed that attempts were made to steal Bitcoin from the exchanges but that they were unsuccessful.
The report added that 25 employees at four different exchanges were the targets in 10 separate spear phishing attempts since July. Spear phishing is an email-spoofing attack in which would-be hackers assume the identity of another to trick their victims into providing information like login credentials.
How the attempted attacks were made
According to a report by regional news source Yonhap, the hackers assumed the identity of security specialists and sent emails with malware attachments. The report also claimed that the attempted hacking targeted smartphones, hinting that the cybercriminals could have planned to compromise devices that are being used for two-factor authentication.
However, the NPA hinted that the hacking attempts have not resulted in the loss of funds or an actual security breach.
The Permanent Mission to the United Nations of the Democratic People’s Republic of Korea, meanwhile, failed to respond to a request for comment on the incidents.