North Korean Hackers Stole $571m in Cryptos

Publish date: 10/20/2018

The latest news on cryptocurrency suggests that hackers have pilfered $882 million of digital currency from crypto exchanges in attacks that started last year. Apparently, one group in particular has netted roughly half that amount. It was reportedly the North Korean hacking group Lazarus, which, according to an analysis of 14 different attacks, is responsible for stealing $571 million.

How The Hacking Was Performed

In general, hackers turn to methods such as social engineering, malware, and spear phishing to target digital currency exchanges. Spear phishing is the most popular attack vector on corporate networks, and the scammers use it to deliver malware.

Basically, “after the local network is successfully compromised, the hackers browse the local network to find workstations and servers … working with private cryptocurrency wallets,” a summary of the official annual report from cybersecurity vendor Group-IB said.

The news backs up claims from officials in South Korea, who said in February that North Korean hackers likely stole tens of millions of dollars’ worth of cryptocurrencies in 2017.

Sometime before, the country’s National Intelligence Service revealed that phishing scams and other criminal methods had yielded tens of billions of won in customer funds. Authorities were also probing whether the same hackers were behind the January hack of the Coincheck exchange, which saw over $500 million in cryptocurrency taken – though Lazarus was not specifically mentioned.

Attacks To Increase

The group also noted that it expects digital currency exchange attacks to increase across the board – not just those by Lazarus. In addition, groups that typically attack banks may decide to target crypto exchanges because they realize those heists can be fruitful.

In August, information security firm Kaspersky Lab revealed the latest cybersecurity issue on its Securelist blog. The company said that Lazarus is tricking unsuspecting users into downloading cryptocurrency-related software laced with malware.

“Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyber espionage and cyber sabotage, the attacker has been targeting banks and other financial companies around the globe,” the company wrote.

“Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and FinTech companies.”

Kaspersky recently discovered the hack while investigating a crypto exchange that Lazarus had attacked using a trojanized cryptocurrency trading application. The update had been sent to the company via email, and an unwitting employee downloaded it from a legitimate-looking website. Their computer was then infected with malware known as FallChill, an old tool that Lazarus is now using again. Computers infected with FallChill can immediately be controlled remotely.
