North Korean hacker group 'Lazarus' gets hypothetical Incident of stealing virtual currency from Korean exchanges

in #cryptocurrency7 years ago

There are many incidents where user funds are stolen by hackers from the Korean virtual currency exchange, but North Korean hacker group "Lazarus" seems to be behind. US Cyber

Security Company Recorded Future reported on the latest report.

According to the company, North Korea attacks against the Korean-based virtual currency exchange coin link using the same type of malware used for security breach to Sony Pictures and "Wanakurai" rant thighware attack.

According to the report, "Before the Year speech of Kim Young-hee and the subsequent South-North dialogue, the Lazars group behind the North Korean government repeatedly attacked the Korean virtual currency exchange in the second half of 2005. The malware used was Sony Pictures For entertainment, and in February 2005 it has a common code with the malware "disto bar" used for the first Wanakely victims.

Hacker group 'Lazarus' gains a leap

In February last year, the virtual currency exchange Bissam, which is the second largest in terms of trading volume per day , stolen about 800 million yen of user funds . Most of the damaged currencies are bit coins and ethers.

According to Recorded Future, this damage of about 800 million yen by Bissam is related to North Korean hacker.

In the Inject Group of cyber security companies that monitor the movement of North Korean hackers, even among North Korean hackers, the Lazarus group has accessed virtual currency wallets and accounts by using various means, in particular from phishing attacks to malware spreading It is revealed.

According to Inject, the Lazarus group led the massive spread of malware in the autumn of 2005 , since then North Korean hackers spread malware by attaching file attaching malicious software and try to gain access to personal devices.

One of the methods used by the Lazarus group is to send a mail to a Hangul word processor (HWP Korean Microsoft Word) file that harbored malware. When the virtual currency user downloads this, installation is done automatically, and the hacker can sneak control or manipulate the data stored in the device.

"In the 17th year, officials from North Korea have been piggybacked on the rise of the virtual currency.The first known virtual currency theft case by North Korea is in February 2005, at this time the Korean Exchange Bissam About 800 million yen was stolen (by the value at the time) by the end of 2005. A lot of phishing attacks were also launched against the Korean virtual currency exchange by the end of 2005. In many cases North Korea was successfully stealed Moreover, I went illegally until mining of bitcoins and Monero. "(Inject Corporation)

In addition to this report, there are many who point out that the North Korean hacking group is targeting South Korea's virtual currency trading platform by means of sophisticated malware and phishing attacks.

A researcher of US security company Fayya has said that there have been six cases in which North Korean hackers assisted by the North Korean government attacked the Korean virtual currency exchange.

As reported earlier in the coin, a large-scale investigation into security infringement that brought bankruptcy of the Korean virtual currency exchange Ubit began led by the Korea Police and Internet Promotion Agency. At the moment the investigators have stated evidence of Ubit security breach and North Korean hacker ties. Luke McNamara, senior analyst at Fireyeye , told Bloomberg that the tool used for hacking to Ubit was similar to the tools widely used by North Korean hackers .

"The partner we have watched is increasingly becoming increasingly competitive and figure-bearing attacking the target, which is one of the bigger strategies they are said to have developed since 16 years In this strategy, North Korea conducts theft from the fund by using the capability that he used to mainly intelligence activities in the past. "