A recent cybersecurity report reveals that North Korean hackers launched a sophisticated attack, posing as officials and journalists to steal cryptocurrency from unsuspecting victims.
The campaign ran from March to October, during which the hackers stole the user IDs and profiles of 19 victims to gain access to their cryptocurrency trading accounts. Additionally, they used more than 147 proxy servers they had seized to run crypto mining programs, further expanding their illicit activities.
Cryptocurrency theft tactics
The hackers’ modus operandi involved impersonating various personas, including government officials and members of the media. This allowed them to win the trust of their victims and obtain their sensitive information. Once inside, they seized control of cryptocurrency trading accounts, siphoning off digital assets without the account holders’ consent.
Less than a year ago, these same North Korean hackers had employed malicious software to steal cryptocurrency, causing widespread concerns about potential property and asset loss. The report indicates that in their previous campaign, the hackers distributed ransomware, coercing victims into paying significant sums to regain access to their digital property.
In response to this cyber threat, law enforcement agencies have taken decisive action. A total of 42 fake websites operated by North Korean hackers were shut down in collaboration with the Korea Internet & Security Agency. This measure was taken to prevent further individuals from falling victim to these deceptive websites.
Additionally, the police are set to provide government intelligence and cyber experts with a list of servers used by the hackers, aiding in tracking and potentially disrupting their operations.
Historical impersonation tactics
The report highlights a historical pattern of North Korean hackers feigning government affiliations to achieve their financial goals. In one instance, they sent deceptive emails in May, impersonating an assistant of Rep. Tae Yong-ho, a former North Korean diplomat who defected to South Korea. These deceptive tactics demonstrate the hackers’ adaptability and ingenuity in pursuing their criminal objectives.
This recent revelation follows a separate report indicating a significant rise in hacking activities originating from North Korea. On August 1st, blockchain investigator ZachXBT made startling claims regarding the Lazarus Group, a notorious hacking organization believed to be backed by the North Korean government.
According to ZachXBT, the group managed to transfer approximately $8.5 million across three different blockchain networks.
At the time of this revelation, the Lazarus Group reportedly had control over 125 Bitcoin addresses, collectively holding 290 BTC. Each of these wallet addresses contained between one and three BTC, further emphasizing the scale of their cryptocurrency holdings.