North Korean Hackers Attacked South Korean Exchanges, Using WannaCry-like Malware

South Korea has one more reason to curb virtual currencies and regulate the market more strictly. Reportedly, North Korean hackers operating under the name Lazarus have attacked and breached several South Korean cryptocurrency exchange platforms. That is the conclusion of a report presented by the American cybersecurity company Recorded Future.

According to the company’s report, titled “North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign,” the hackers used already known destructive malware. In particular, it was the same kind of malware that was previously used in the WannaCry ransomware attack as well as the Sony Pictures breach. This time, the target was the South Korean crypto trading platform Coinlink.

“The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017,” reported the firm.

North Korean Hackers Stealing $7 million from Bithumb

However, Coinlink was not the North Korean hackers’ only target in 2017. In February of last year, the second major virtual currency exchange in the world, based in South Korea, suffered from a security flaw. That was Bithumb, and it lost about $7 million of its customers’ funds, mainly in ETH and BTC.

Now the report has concluded that the loss of this enormous sum was connected to the North Korean hackers. According to the Insikt Group cybersecurity researchers, Lazarus Group used a whole range of tools to attack its targets. Among them were malware distribution via info platforms as well as spear phishing attacks. All of that was done in order to gain access to virtual currency wallets, etc.

Furthermore, this particular group of North Korean hackers mounted a robust malware campaign. Since autumn of last year, the Lazarus attackers have been distributing malware by adding it to files so as to get access to personal devices. One such technique was sending Hangul Word Processor (HWP) documents, the South Korean analog of Microsoft Word files, via email with viruses added.

In Style

But the attacks were known about even before the report, as a group of other cybersecurity companies had blamed North Korean attackers for ‘shooting’ at their southern neighbor’s exchanges with complex malicious software. For example, FireEye investigators found a connection between hackers supported by North Korea and six cyberattacks against crypto trading platforms in South Korea.

Moreover, an official probe was recently launched into the security flaw that led to the failure of another South Korean exchange, YouBit, and the investigators managed to find links between this breach and North Korean hackers’ activities. Luke McNamara, the leading expert at FireEye, once claimed that similar tools, extensively used by North Korean attackers, were applied when they hacked YouBit.

So it is no wonder that the South Korean authorities are trying to protect their citizens by curbing crypto exchanges, especially when the threat from North Korea also comes from other directions.