North Korean Hackers Try to Steal UpBit Customer Information

Friday, 31/05/2019 | 06:20 GMT by Arnab Shome
  • Until now, no victims of the attack have come out publically.
North Korean Hackers Try to Steal UpBit Customer Information
Finance Magnates

A North Korean hacker group is targeting customers of the crypto exchange UpBit in a classic phishing attack, Coindesk reported on May 31.

The report was based on data published by cybersecurity firm East Security, which revealed that users of the South Korean crypto Exchange received phishing emails on May 28. The email mentioned that UpBit needed more user information to pay out sweepstakes.

However, the mail was not sent from UpBit’s server, which immediately raised a red flag.

The security company detailed that the email also contained an attachment labeled as the documentation of the payout. Though at a glance it seemed to be a normal document file, it contained malicious codes which would steal crucial information from users’ computers, including private keys and login credentials. It would also connect the victims' computers to a command and control system for remote access.

The malicious file was also password protected to bypass the widely used security solutions.

Keeping signatures behind

Analyzing the tools and tactics used by the attackers, the cybersecurity firm is suspecting the involvement of a North Korean hacker group called Kim Soo-ki. Similar tactics were also used by the hacker group while attacking South Korean government agencies and also targeting reporters earlier this year.

“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Jong-hyun, head of the ESRC Center at East Security, said.

No victims yet

The company also pointed out that at this point, no report of damages to the users has surfaced.

South Korea is one of the most lucrative crypto markets with the highest crypto penetration among its citizens. With the recent rally in prices, the activity on exchanges also increased significantly.

“As Bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” Mun added.

Earlier this year, a Russian internet security company revealed that another North Korean hacker group was continuously targeting crypto exchanges for financial gains and also evolved their tactics to keep up with the exchanges’ security standards.

A North Korean hacker group is targeting customers of the crypto exchange UpBit in a classic phishing attack, Coindesk reported on May 31.

The report was based on data published by cybersecurity firm East Security, which revealed that users of the South Korean crypto Exchange received phishing emails on May 28. The email mentioned that UpBit needed more user information to pay out sweepstakes.

However, the mail was not sent from UpBit’s server, which immediately raised a red flag.

The security company detailed that the email also contained an attachment labeled as the documentation of the payout. Though at a glance it seemed to be a normal document file, it contained malicious codes which would steal crucial information from users’ computers, including private keys and login credentials. It would also connect the victims' computers to a command and control system for remote access.

The malicious file was also password protected to bypass the widely used security solutions.

Keeping signatures behind

Analyzing the tools and tactics used by the attackers, the cybersecurity firm is suspecting the involvement of a North Korean hacker group called Kim Soo-ki. Similar tactics were also used by the hacker group while attacking South Korean government agencies and also targeting reporters earlier this year.

“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” Mun Jong-hyun, head of the ESRC Center at East Security, said.

No victims yet

The company also pointed out that at this point, no report of damages to the users has surfaced.

South Korea is one of the most lucrative crypto markets with the highest crypto penetration among its citizens. With the recent rally in prices, the activity on exchanges also increased significantly.

“As Bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased,” Mun added.

Earlier this year, a Russian internet security company revealed that another North Korean hacker group was continuously targeting crypto exchanges for financial gains and also evolved their tactics to keep up with the exchanges’ security standards.

About the Author: Arnab Shome
Arnab Shome
  • 6599 Articles
  • 96 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency