May 31, 2019 10:15 UTC
May 31, 2019 at 10:15 UTC
North Korean Hackers Attacks Users of South Korean Exchange UpBit
According to the reports, North Korean hackers have allegedly attacked South Korean users of UpBit exchange with clever phishing exploit.
As indicated by the data from the security company East Security, North Korean hackers tried a cyber attack by sending a phishing email on 28 May. The subject of the mail suggested that the UpBit exchange needed more information for a customer’s fictional sweepstakes payout. However, the mail did not come from UbBit but from another server.
The email contained a sort of file claiming that it includes documentation for the payout. As per the East Security, running this file displayed what looked like a normal document, but that run malicious code. After that, it sent data about the user’s machine and the private keys as well as login to the hackers and then connected the machine to a command and control system for the later remote access.
East Security believes that this cyber attack is expected to be coming from a North Korean hacking group, Kim Soo-ki.
Mum Jong-hyun, the head of the ESRC Center at East Security, said –
“In analysing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw.”
He noted –
“These similar to another attack called Operation Fake Striker that attacked Korean government agencies. The hackers also used the same techniques in January to target reporters.”
Mun Jong-hyun added –
“As bitcoin price rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased.”
In a clever move, the North Korean hackers password-protected the malicious file with the word “UPBIT,” which implies that the traditional anti-virus tools wouldn’t be able to detect the malicious code.
Mun Jong-hyun noted –
“We have not heard of any reported damage. In order to avoid cyber attacks, you should not install or click suspicious files or documents.”