The South Korean National Police Agency has issued a warning about an alarming uptick in cryptocurrency thefts carried out by North Korean hackers. These malicious actors, believed to be operating with the support of the North Korean regime, have adopted sophisticated methods to deceive individuals, including impersonating government officials and journalists.
In a significant shift in their modus operandi, these hackers have targeted nearly 1,500 victims from March to October, predominantly from the private sector. This figure also includes 57 current or retired government officials. These cybercriminals have employed a range of tactics, such as posing as representatives from various South Korean government agencies like the National Pension Service, National Health Insurance, National Tax Service, and the National Police Agency. They lure their targets with phishing emails that, when opened or clicked, infect victims' computers with malware, leading to data breaches and theft of personal information.
One of the primary targets of these hackers has been cryptocurrency trading accounts. The authorities have identified 19 instances where the hackers have stolen user IDs and profiles to gain unauthorized access to these accounts, although the exact amount of stolen crypto assets remains undisclosed.
In 2023, North Korea's hacking activities have shown a significant escalation in both scale and aggression. Whereas the previous year's focus was on disseminating ransomware to extort money and valuables from victims, the current year has seen a shift towards more aggressive phishing attacks. In response, South Korean authorities have shut down 42 phishing websites linked to these cybercrimes.
This uptick in cybercrime includes activity by the notorious Lazarus Group, linked to North Korea, which has been engaging in social engineering attacks on Discord. These hackers pose as blockchain engineers and trick victims into downloading a malicious ZIP file under the guise of an arbitrage bot, a tool used for profiting from cryptocurrency rate differences. This eventually leads to the download and execution of a Python file known as Watcher.py. According to Elastic Security Labs, this malware is distinctive for its stealth, as it waits for commands from a server, thereby reducing the likelihood of detection.
The financial impact of these crypto heists is staggering. Since 2011, the cryptocurrency industry has suffered losses amounting to $12.36 billion, with approximately 30.74% of this total coming from cyberattacks on 192 cryptocurrency exchanges, resulting in a collective loss of $3.8 billion.
These developments highlight the evolving nature of cyber threats in the digital currency space, underscoring the need for heightened vigilance and robust cybersecurity measures among individuals and organizations alike. The South Korean National Police Agency's warning serves as a crucial reminder of the persistent and sophisticated nature of these cyber threats.