- North Korean hackers impersonated South Korean entities to steal cryptocurrency via email phishing.
- They extracted data from 1,500 individuals, targeting private sector and government officials.
- Lazarus Group is linked to major crypto heists, holding about $60 million in cryptocurrencies.
Law enforcement authorities in South Korea have disclosed that cybercriminals from the Democratic People’s Republic of Korea (DPRK), commonly referred to as North Korea, masqueraded as South Korean government entities and journalists to illicitly acquire cryptocurrency. It was reported that these hackers utilized email phishing strategies to execute their fraudulent activities on unwary individuals.
The National Police Agency of South Korea reported that North Korean cyber attackers appeared to focus on pilfering cryptocurrency assets. They disclosed that these malicious actors successfully extracted information from approximately 1,500 individuals from March to October 2023. Most of these victims were from the private sector, with around 57 being former or current government officials.
The authorities noted that these perpetrators impersonated representatives from various South Korean institutions, including the National Health Insurance, the National Pension Service, the South Korean National Police Agency, and the National Tax Service. They sent phishing emails containing enticing clickbait to their targets.
If the victims open the fraudulent email or click on an attachment, their computers become infected with malware, allowing the hackers to extract personal data and information. Additionally, the police highlighted that the attackers appropriated user IDs and profiles of 19 individuals, enabling them to access their cryptocurrency trading accounts. Although specific details regarding the stolen assets or their value were not disclosed, South Korean law enforcement has affirmed its commitment to intensifying efforts to curb such illegal cyber activities.
Previously, hackers associated with the notorious Lazarus Group, originating from North Korea, have been targeting blockchain engineers using a new form of macOS malware. Elastic Security Labs revealed a complex cyber attack carried out by North Korean hackers, suspected to be linked to the infamous Lazarus Group. This attack specifically targeted blockchain engineers working on cryptocurrency exchange platforms. The method of intrusion involved a cunningly disguised Python program, which was presented as a cryptocurrency arbitrage bot.
“The victim believed they were installing an arbitrage bot, a software tool capable of profiting from cryptocurrency rate differences between platforms.”
Elastic Security Labs
The Lazarus Group is known for orchestrating some of the most significant cyber heists in the cryptocurrency sector. This includes the notable attack on CoinEx, which resulted in a loss of approximately $55 million. This hacking group, backed by the DPRK, is currently in possession of nearly $60 million in various cryptocurrencies. The bulk of this amount is in Bitcoin (BTC), with its value estimated at around $56.15 million. Their cryptocurrency portfolio also comprises other digital assets like ETH, BNB, BUSD, and AAVE.
