Security firm finds North Korean hacking attempts targeting crypto users

By Kuksung Nam, The Readable
Dec. 6, 2022 6:42PM KST

The Lazarus hacking group, which authorities say has links to the North Korean government, has created a fake website tied to malicious code in order to target cryptocurrency users, a private cybersecurity firm reported.

According to a report published by Volexity on December 1, the hacking group created a new website in June of this year. The cybersecurity firm discovered that this website was largely a copy of an existing automated cryptocurrency trading website.

The report explained that a Microsoft installation file related to the fake website was used to install both malicious software and a legitimate cryptocurrency trading application. This means that a crypto user or organization could be deceived by the clone website and end up installing new AppleJeus malware without their knowledge.

This activity can be seen as part of the Lazarus group's ongoing attempts to steal cryptocurrencies. According to a joint advisory released last year by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the U.S. Treasury Department, the hacking group targeted organizations in over 30 countries in 2020, attempting to steal digital assets.

Moreover, the joint advisory detailed that North Korea has used AppleJeus malware disguised as cryptocurrency trading platforms since at least 2018.

The authorities believe that the illicit cyber activities conducted by North Korean hackers are aimed at generating revenue for the country’s nuclear weapons and missile programs while evading global sanctions. Hence, both the U.S. and South Korea are working to tackle North Korea’s malicious cyber activities.

In May, the U.S. sanctioned a digital currency mixing firm that was accused of assisting the Lazarus Group in executing one of the biggest cryptocurrency heists in March. The hacking group itself was sanctioned by the U.S. as a North Korean state-sponsored malicious cyber group in 2019.

In addition, South Korea is strengthening its partnership with the U.S. to combat North Korea’s cryptocurrency theft and laundering. The two countries held the second bilateral working group meeting on North Korean cyber threats last month in Seoul and discussed countermeasures against North Korea’s cyber activities. The first bilateral meeting took place in August in Washington.

nam@thereadable.co

The cover image of this article was designed by Sangseon Kim.


Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.