North Korean Hackers Try to Steal UpBit Customer Information
- Until now, no victims of the attack have come out publically.

A North Korean hacker group is targeting customers of the crypto exchange UpBit in a classic phishing attack, Coindesk reported on May 31.
The report was based on data published by cybersecurity firm East Security, which revealed that users of the South Korean crypto Exchange Exchange An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv Read this Term received phishing emails on May 28. The email mentioned that UpBit needed more user information to pay out sweepstakes.
However, the mail was not sent from UpBit’s server, which immediately raised a red flag.
The security company detailed that the email also contained an attachment labeled as the documentation of the payout. Though at a glance it seemed to be a normal document file, it contained malicious codes which would steal crucial information from users’ computers, including private keys and login credentials. It would also connect the victims' computers to a command and control system for remote access.
The malicious file was also password protected to bypass the widely used security solutions.
Keeping signatures behind
Analyzing the tools and tactics used by the attackers, the cybersecurity firm is suspecting the involvement of a North Korean hacker group called Kim Soo-ki. Similar tactics were also used by the hacker group while attacking South Korean government agencies and also targeting reporters earlier this year.
“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Jong-hyun, head of the ESRC Center at East Security, said.
No victims yet
The company also pointed out that at this point, no report of damages to the users has surfaced.
South Korea is one of the most lucrative crypto markets with the highest crypto penetration among its citizens. With the recent rally in prices, the activity on exchanges also increased significantly.
“As Bitcoin Bitcoin While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that Read this Term prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” Mun added.
Earlier this year, a Russian internet security company revealed that another North Korean hacker group was continuously targeting crypto exchanges for financial gains and also evolved their tactics to keep up with the exchanges’ security standards.
A North Korean hacker group is targeting customers of the crypto exchange UpBit in a classic phishing attack, Coindesk reported on May 31.
The report was based on data published by cybersecurity firm East Security, which revealed that users of the South Korean crypto Exchange Exchange An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv Read this Term received phishing emails on May 28. The email mentioned that UpBit needed more user information to pay out sweepstakes.
However, the mail was not sent from UpBit’s server, which immediately raised a red flag.
The security company detailed that the email also contained an attachment labeled as the documentation of the payout. Though at a glance it seemed to be a normal document file, it contained malicious codes which would steal crucial information from users’ computers, including private keys and login credentials. It would also connect the victims' computers to a command and control system for remote access.
The malicious file was also password protected to bypass the widely used security solutions.
Keeping signatures behind
Analyzing the tools and tactics used by the attackers, the cybersecurity firm is suspecting the involvement of a North Korean hacker group called Kim Soo-ki. Similar tactics were also used by the hacker group while attacking South Korean government agencies and also targeting reporters earlier this year.
“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Jong-hyun, head of the ESRC Center at East Security, said.
No victims yet
The company also pointed out that at this point, no report of damages to the users has surfaced.
South Korea is one of the most lucrative crypto markets with the highest crypto penetration among its citizens. With the recent rally in prices, the activity on exchanges also increased significantly.
“As Bitcoin Bitcoin While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that Read this Term prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” Mun added.
Earlier this year, a Russian internet security company revealed that another North Korean hacker group was continuously targeting crypto exchanges for financial gains and also evolved their tactics to keep up with the exchanges’ security standards.