A North Korean hacker group is targeting customers of the crypto exchange UpBit in a classic phishing attack, Coindesk reported on May 31.
The report was based on data published by cybersecurity firm East Security, which revealed that users of the South Korean crypto exchange received phishing emails on May 28. The email mentioned that UpBit needed more user information to pay out sweepstakes.
However, the mail was not sent from UpBit’s server, which immediately raised a red flag.
The security company detailed that the email also contained an attachment labeled as documentation of the payout. Though at a glance it appeared to be a normal document file, it contained malicious code that would steal crucial information from users’ computers, including private keys and login credentials. It would also connect the victims’ computers to a command and control system for remote access.
The malicious file was also password protected in order to bypass widely used security solutions.
Keeping signatures behind
Based on its analysis of the tools and tactics used by the attackers, the cybersecurity firm suspects the involvement of a North Korean hacker group called Kim Soo-ki. The group used similar tactics earlier this year when attacking South Korean government agencies and targeting reporters.
“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Jong-hyun, head of the ESRC Center at East Security, said.
No victims yet
The company also pointed out that, at this point, no reports of damage to users have surfaced.
South Korea is one of the most lucrative crypto markets with the highest crypto penetration among its citizens. With the recent rally in prices, the activity on exchanges also increased significantly.
“As bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” Mun added.
Earlier this year, a Russian internet security company revealed that another North Korean hacker group was continuously targeting crypto exchanges for financial gain and had evolved its tactics to keep up with the exchanges’ security standards.