A North Korean-sponsored hacking group, Lazarus, has been actively trying to steal #cryptocurrency from their South Korean neighbors in order to alleviate the pressure caused by internationally imposed sanctions.
A recent report has confirmed that government-sponsored North Korean hackers have been targeting South Korean exchange platforms and their users. According to the report the hacking group, known as Lazarus, are using similar techniques that was previously observed in the notorious WannaCry hacking campaign as well as the hacking campaign launched against Sony Pictures.
The hacking group has already employed a wide variety of hacking techniques to target different groups of users. The cybersecurity company, Recorded Future, reported a specific hacking campaign, the hacking group exploited a security vulnerability in the Korean word processing program, Hangul.
However other organizations have also been targeted, specifically those involved in the cryptocurrency industry. Lazarus has targeted the cryptocurrency exchange, Coinlink, as well as a student-orientated group called Friends of the Ministry of Foreign Affairs.
So far, Lazarus has been discovered to actively gain access to users’ login credentials of Coinlink using a technique known as a spear phishing attack. Users are sent fraudulent emails which contain malicious attached documents. Once the document is opened, a malware installed and executed which steals the victim’s login credentials.
Despite the reports, Coinlink maintains that they’ve experienced no attacks that originated from North Korea.
According to a Coinlink spokesperson, the company has contacted their server security provider and confirmed that there were no hacking attempts on their server. In addition, the spokesperson noted that so far no user login credentials have been compromised.