North Korean hackers targeting cryptocurrencies

According to security company Proofpoint, the cybercrime group APT Lazarus, which is often associated with the North Korean government, is currently focusing on the theft of bitcoins and other cryptocurrencies. Multiple documented campaigns targeting organizations and individuals interested in digital currencies and South Korean Point of Sales systems dates back to June 2017. The attacks have been executed via phishing e-mails linked to vectors in the form of fake web pages, macros, and modified installation files delivering variations of Ratankba malware. The virus served to download additional tools designed to steal credentials for cryptocurrency wallets and exchanges.

These activities demonstrate the adaptation of the state actor to the area of cryptocurrencies and the shifting interest targeting individuals – due to often lack of resources and adequate knowledge – rather than just organizations, are part of wide range of financially motivated cyberattacks affiliated with the North Korean government. Aside from the theft of US$81 million from the Bank of Bangladesh in 2014, the Lazarus group and other related APT's are also believed to be responsible for WannaCry ransomware and the repeated cyberattacks on the South Korean cryptocurrency exchanges. Experts believe that the hacking efforts represent an attempt to mitigate the effects of economic sanctions imposed on KLDR by the United Nations.

About author: Roman Šulc

Partners

Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace