North Korean Hackers Target UpBit Users in Bitcoin Scam
The North Korean hacking group “Kim-Soo-ki” has allegedly orchestrated a phishing attack targeting users of the South Korean cryptocurrency trading venue UpBit in a bid to steal their bitcoin, according to a report by The Next Web on May 31, 2019.
North Korea Phishing for Bitcoins
Per sources close to the matter, North Korea’s notorious hacking group, Kim Soo-ki, has conducted a phishing attack aimed at stealing the digital assets of users of South Korea’s UpBit exchange.
The rogue actors allegedly sent a phishing email to bitcoin traders on the UpBit exchange, masquerading as admins of the platform and claiming that the trading venue needed additional personal details of its users to enable it to process a “fake sweepstakes” payout.
To make the phishing operation easier, the attackers embedded information-stealing malware in a file attached to the email. Once the victim tries to open the attachment, a malicious Trojan is automatically installed on the victim’s system.
According to East Security, the cybersecurity firm that first discovered the attack, the attachment was titled the “Event Winner Personal Information Collection and Usage Agreement” form and had a .hwp extension.
Upon clicking the file, another document is displayed on the victim’s screen. However, the primary aim of the document is to run malicious code which will, in turn, steal critical information stored on the victim’s PC, including the list of installed programs, passwords for cryptocurrency exchange accounts and other details.
The stolen information will then be sent to an external server controlled by the hackers.
The team has also revealed that the malware connects to the command-and-control server designated by the hackers, enabling them to gain remote access to the victim’s computer.
Commenting on the incident, Mun Jong-hyun, East Security ESRC Center Director, noted that the recent surge in the price of bitcoin has attracted more users to the UpBit exchange and has also motivated bad actors to up their scam game in general.
It’s worth noting that this is not the first time that North Korean hackers have attacked South Korea.
As reported by BTCManager in March 2019, a UN report revealed that North Korea may have amassed up to $670 million in cryptocurrencies, most of which were obtained through cyber attacks.