North Korean hackers target South Korean users of UpBit Exchange



[ad_1]

North Korean hackers have reportedly attacked users of the South Korean UpBit stock market with a clever phishing feat.

According to data released by the security company East Security, the hacker allegedly attempted a cyber attack by sending a phishing email on May 28. The subject of the mail suggested that UpBit needed more information for the payment of a draw. The mail was not coming from UpBit but from another server.

The email contained a file purporting to contain documentation for payment. According to East Security, running this file displayed what looked like a normal document, but then executed malicious code. He then sent user machine data, private keys and connections to the hackers, and then connected the machine to a command and control system for more remote access.


East Security believes that this cyber-attack was perpetrated by the North Korean hacker group Kim Soo-ki.

"The badysis of attack tools and malicious code used by hacker groups revealed unique characteristics," said Mun Jong-hyun, head of ESRC at East Security. He noted that these attacks are similar to another attack called Operation Fake Striker that attacked Korean government agencies. Hackers also used the same techniques in January to target journalists.

"As bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the ability to steal pbadwords stored in the exchange has increased, "said Mun Jong-hyun.

Cleverly, hackers protected the malicious file with a pbadword with the word "UPBIT". This means that traditional anti-virus tools would not be able to detect malicious code.

"We have not heard of any reported damage," said Mun Jong-hyun. "In order to avoid cyber attacks, you should not install or click on suspicious files or documents."

Search for Park Moon-mo in CoinDesk Korea.
Image via Shutterstock

[ad_2]
Source link