KEY POINTS
- Rogue actors allegedly backed by North Korea have stolen data from nearly 1,500 victims between March and October
- The majority of the victims are from the private sector and 57 from incumbent or retired government officials
- When the scam email was opened or the phishing link was clicked on, the victim's computer would be infected with malware
The South Korean National Police Agency has warned people against North Korean malicious actors and hackers, who have been impersonating government agency officials and journalists to steal cryptocurrencies.
Rogue actors allegedly backed by the hermit country have stolen data from nearly 1,500 victims between March and October, the majority of whom were from the private sector and 57 from incumbent or retired government officials, the local media reported quoting the South Korean National Police Agency.
Malicious actors pretended to be officials from South Korea's National Pension Service, National Health Insurance, National Tax Service and National Police Agency to send phishing emails to recipients.
When the scam email was opened or the phishing link was clicked on, the victim's computer would be infected with malware, following which the hackers would harvest data, including personal information.
Hackers also stole user IDs and profiles of 19 victims to access their cryptocurrency trading accounts, according to the police authorities, although they did not disclose the amount of crypto assets stolen by cybercriminals.
North Korea's hacking efforts have grown in scale and scope in 2023, according to authorities who revealed that "last year, they stripped virtual assets by distributing ransomware. That coerced victims to pay money and valuables to regain their property. " However, this year, malicious actors have become more aggressive in phishing, which has resulted in the authorities shutting down 42 phishing websites.
It was reported earlier this month that North Korean hackers linked to the notorious cybercriminal group Lazarus Group, purportedly operating on behalf of North Korea, were impersonating blockchain engineers on Discord using social engineering techniques.
Victims reportedly download a malicious ZIP file, convinced they were installing an arbitrage bot -- a software tool designed to profit from cryptocurrency rate differences between platforms -- but actually ended up downloading a Python file that eventually downloaded and executed Watcher.py. cybersecurity firm Elastic Security Labs reported.
"Once communication is established, KandyKorn awaits commands from the server. This is an interesting characteristic because the malware waits for commands rather than polling for them. This reduces the number of endpoint and network artifacts generated and provides a way to limit potential discovery," researchers at Elastic explained.
The DPRK was so excited about Halloween, they got a head start on passing out candy. Check out REF7001, AKA KANDYKORN – a malware distributed in cryptocurrency servers on Discord: https://t.co/ZJ1r92Yhvf#malware #threatdiscovery #cryptocurrency #discord #ElasticSecurityLabs
— Elastic Security Labs (@elasticseclabs) October 31, 2023
Since 2011, crypto hacks have cost the industry $12.36 billion, with 30.74% of this amount stemming from 192 cryptocurrency exchanges that collectively lost $3.8 billion to cybercriminals, according to data from a report by the independent think tank The Money Mongers.
