POST Online Media Lite Edition


North Korea hacked South Korean crypto exchanges, says report

Staff Writer |
An American cybersecurity firm has reported that South Korean cryptocurrency exchanges and users lost money in late 2017 as a result of North Korea's state-sponsored hacking.

Article continues below

The firm Recorded Future said in a report that North Korea-backed hacking group Lazarus Group carried out the spear phishing campaign against both cryptocurrency users and exchanges, as well as South Korean college students interested in foreign affairs.

The report, entitled "North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign," says the hacking took place before North Korean leader Kim Jong Un's New Year's speech and subsequent North-South dialogue.

The malware used to target Coinlink, a South Korea-based cryptocurrency exchange, was Destover malware. It is the same type of malware used against Sony Pictures Entertainment in 2014 and the first WannaCry ransomware attack in February 2017.

However, Coinlink has reportedly denied any such attacks from North Korea.

North Korean state-sponsored cyber operations are largely clustered within the Lazarus Group umbrella.

Also known as Hidden Cobra by the U.S. government, Lazarus Group has conducted operations since at least 2009, when they targeted U.S. and South Korean websites.

What to read next

North Korea behind cryptocurrency hacks, says Seoul
South Korea sets date for high-level talks with North Korea
North Korea's elite plugged in online, not isolated