North Korea hacked South Korean crypto exchanges, says report
The firm Recorded Future said in a report that North Korea-backed hacking group Lazarus Group carried out the spear phishing campaign against both cryptocurrency users and exchanges, as well as South Korean college students interested in foreign affairs.
The report, entitled "North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign," says the hacking took place before North Korean leader Kim Jong Un's New Year's speech and subsequent North-South dialogue.
The malware used to target Coinlink, a South Korea-based cryptocurrency exchange, was Destover malware. It is the same type of malware used against Sony Pictures Entertainment in 2014 and the first WannaCry ransomware attack in February 2017.
However, Coinlink has reportedly denied any such attacks from North Korea.
North Korean state-sponsored cyber operations are largely clustered within the Lazarus Group umbrella.
Also known as Hidden Cobra by the U.S. government, Lazarus Group has conducted operations since at least 2009, when they targeted U.S. and South Korean websites. ■