North Korean hackers targeted the major South Korean digital currency exchange Upbit in a phishing attack, according to a report. The cybersecurity company East Security released the information.
According to the company, the hackers targeted Upbit users with a phishing email on May 28th. An investigation of the email's source found that it did not originate from an Upbit server but from somewhere else.
The email appeared to contain payment information, but opening the document ran malicious code. The code, in turn, sent all the data stored on the user’s computer, including the private key and login credentials, to the hackers. The PC was then controlled remotely to get into the Upbit exchange.
The cybersecurity company believes the attack came from the North Korean hacker group Kim Soo-ki. Mun Jong-hyun, the center head of East Security, said that after analyzing the malicious code and attack tools, it appears to them that the attack came from a North Korean hacker group. He added that the hackers used the same technique in a previous attack in January, when they hacked a Korean government agency.
Another South Korean cryptocurrency exchange, Coinlink, previously faced a similar attack. The hackers used the same type of tactics to obtain the usernames and passwords of Coinlink customers. However, a Coinlink spokesperson later said the hacking attempt was not from North Korea.
This kind of attack is known as spear phishing, in which an email with a malicious document is sent to the user. If the user opens the document, it steals all the information stored on the PC.
According to Mun Jong-hyun, the surge in the value of Bitcoin has increased hackers' tendency to steal, as more and more users are using the exchange. Antivirus software could not detect the malicious file because the hackers protected it with a password and named it “UPBIT.”
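The two traits described above, a sender that does not verify as the exchange and an attachment the scanner cannot open, can be checked at the mail gateway. The following Python is an added example, not code from East Security or the original report. It assumes the attachment is a ZIP container, that the `Authentication-Results` header was written by your own gateway, and it uses hypothetical function names and the placeholder domain `upbit.example`.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def has_encrypted_member(data: bytes) -> bool:
    """True if data is a ZIP whose members set flag bit 0 (encrypted)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes, brand: str, brand_domain: str) -> list:
    """Return findings for a message that uses the brand name."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", ""))
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    # Only trust this header when your own gateway wrote it.
    auth = str(msg.get("Authentication-Results", "")).lower()
    verified = domain == brand_domain and ("spf=pass" in auth or "dkim=pass" in auth)
    findings = []
    if brand in sender.lower() and not verified:
        findings.append("unverified-brand-sender")
    for part in msg.iter_attachments():
        if has_encrypted_member(part.get_payload(decode=True) or b""):
            # The scanner cannot open it, so treat it as unscanned, not clean.
            findings.append(f"unscannable-attachment:{part.get_filename()}")
    return findings

def constructed_sample() -> bytes:
    """Constructed test message; all addresses and domains are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payment.doc", b"placeholder")
    blob = bytearray(buf.getvalue())
    blob[6] |= 1                             # local header: encrypted flag
    blob[blob.find(b"PK\x01\x02") + 8] |= 1  # central directory: same flag
    m = EmailMessage()
    m["From"] = "Upbit Support <notice@mail.invalid>"
    m["To"] = "user@example.org"
    m["Subject"] = "Payment information"
    m["Authentication-Results"] = "mx.example.org; spf=fail smtp.mailfrom=mail.invalid"
    m.set_content("See the attached document.")
    m.add_attachment(bytes(blob), maintype="application", subtype="zip", filename="UPBIT.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample(), "upbit", "upbit.example"))
```

Other container formats need their own encryption check; the point is that a file the scanner cannot open is reported as unscanned instead of being passed as clean.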
No damage has been reported so far. The center head of East Security has asked people not to open any suspicious file in order to avoid cyber-attacks.
Over the last few months, North Korean hackers have repeatedly targeted South Korean users to acquire cryptocurrency. They appear to be mostly after digital coins such as Bitcoin and Monero.