Hello, this is Kuksung Nam, Dain Oh, and Sojun Ryu in South Korea. We have picked five news stories for you. Have a great weekend!
1. Researchers Find Newest Version of LockBit Ransomware in Korea
Researchers at a cybersecurity firm based in South Korea said in a report on Tuesday that they had identified the spread of LockBit 3.0, the newest version of LockBit ransomware, within the country. Although the ransomware group released the latest version early in July, the older version was being distributed in South Korea, according to the ESTsecurity Security Response Center (ESRC) researchers. ESRC added in the report that the VenusLocker group, or a hacking group that mimics VenusLocker, appears to be behind the attack. The report stated that LockBit 3.0 is distributed through phishing emails disguised as a cover letter in a Hangul Word Processor (HWP) file, a widely used word processor in South Korea. LockBit has become a major threat to cybersecurity, dominating 34.3% of the entire ransomware scene. It has made phenomenal progress in just three years.
2. Korean Crypto Exchanges Suspend Solana Withdrawals
South Korea-based cryptocurrency exchanges have temporarily suspended deposit and withdrawal services for Solana’s sol token. Bithumb, one of the largest cryptocurrency exchanges in the country, wrote in a statement to its users on Wednesday that “as soon as the [Solana Foundation] network is stable, we will resume deposit and withdrawal services.” Other cryptocurrency exchanges such as Upbit, Coinone, and Korbit also suspended their services on Wednesday morning. The statement came after a hacking attack on the ecosystem that affected thousands of wallets linked to the Solana cryptocurrency network. Solana Status, a Twitter account run by the Solana Foundation, confirmed the attack on August 3, stating that “an exploit allowed a malicious actor to drain funds from a number of wallets on Solana.”
3. 129 Sextortion and Phishing Scammers Were Arrested in Korea
Three phishing gangs behind sextortion and messenger scams that harmed 538 victims were taken into custody by South Korean law enforcement. Gyeonggi Nambu Police Agency, a police agency which oversees the southern province of Gyeonggi-do, announced Tuesday that a total of 129 suspects were arrested for blackmailing the victims and extorting 4.45 billion won ($3.43 million) collectively.
According to a press release by the police, the gangs organized their crime from March 2021, communicating through foreign social networks to avoid detection. The gangs reached out to the victims via social media and made them use video chat to conduct sextortion. Once the victims installed malicious software on their mobile phones, the gangs stole contact information from their devices and threatened to release the victims’ recorded videos if not paid. As part of money laundering, the gangs coerced some of the victims into transferring money directly to a gold shop.
The police put 35 suspects in jail, while requesting that Interpol issue a red notice for a gang leader who is believed to be in China. In addition, the police seized 190 million won in cash, 238 debit cards, and 76 mobile phones and USIM cards from the suspects. “The scammers conducted their crime, divided in the two countries of Korea and China, and the police were able to catch one leader in Korea,” Seong-taek Kim, chief of investigation at the cybercrime investigation unit of the police agency, told The Readable. “We are continuing our analysis to apprehend the rest of the criminals,” said Kim.
4. Korea Teens Under Investigation for Hacking Exam Answers
South Korean law enforcement is investigating two high school students in the school district of Gwangju, a city in southwestern South Korea, for allegedly breaking into their teachers’ office and hacking the teachers’ laptop computers to gain access to the first semester examination papers and answers. According to the police, the students successively stole the examination papers and answers of seven subjects before the midterm test and nine subjects before the final test. To read the full story, click here.
5. Collaboration Between Magnus and NoCry, and Their Feedback
The Readable recently published an article about the Magnus and NoCry ransomware groups, which are active on Telegram. An analyst at S2W, a cybersecurity firm, first discovered that the two groups were cooperating. With the data provided by the analyst, The Readable analyzed the related contents more deeply. After the article was published, Magnus responded to The Readable, claiming that “Mr Clancy” was no longer working with them and had stopped developing ransomware. Magnus also added that Mr Clancy was a former developer of NoCry. Although the group introduced themselves as “Magnus Administration” in the first email they sent us, it seems clear that the two groups are working together, sharing information about Mr Clancy, who was a member of NoCry. To read The Readable’s original story, click here.