North Korean hackers have made a phishing attempt on users of the South Korean crypto exchange Upbit.
News correspondents in Korea broke this development on May 29, 2019, detailing the ploy to steal Upbit users’ information. The hackers sent out an email claiming that Upbit users needed to submit more information to become eligible for a prize drawing.
When users opened the email, which reportedly contained information about a phony sweepstakes and its payout, malware would activate, giving the hackers access to user information and control of their devices for later access.
“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Chong Hyun, head of the ESRC Center at East Security, which identified the attack, said, per CoinDesk Korea.
These characteristics specifically point to the North Korean hacker group Kimsuky, which has used malware of a very similar construction in attempts to breach South Korean government agencies.
North Korean hackers have been active meddlers in the South Korean crypto space for several years. The Lazarus Group, for example, stole more than $571 million over a little more than a year and a half between 2017 and 2018, largely by targeting South Korean crypto exchanges. Over the course of this work, the Lazarus Group received direct material support from the North Korean government.
This latest hacking attempt, however, seems to have been foiled by the efforts of the team at East Security. Mun Chong Hyun claimed that, so far, “we have not heard of any reported damage.”
This is not the first time Upbit has found itself embroiled in fraudulent activity. Last December, executives from both Upbit and its parent company, Dunamu, were indicted for fraud after creating phony records for millions of dollars’ worth of fictional trades, all to convince potential customers that Upbit had a much higher volume of business than it actually had.