Cybersecurity News that Matters

Cybersecurity News that Matters

Security firm finds North Korean hacking attempts targeting crypto users

by Kuksung Nam, Sangseon Kim

Dec. 06, 2022
9:42 AM GMT+9

The Lazarus hacking group, which authorities say has links with the North Korean government, has created a fake website that is linked with a malicious code to target cryptocurrency users, a private cybersecurity firm reported.

According to a report by Volexity on December 1, the hacking group created a new website in June of this year. The cybersecurity firm discovered that this website was largely a duplication of another existing automated cryptocurrency trading website.

The report explained that a Microsoft installation file related to the fake website was used to install both a malicious software and a legitimate cryptocurrency trading application. This means that a crypto user or organization could be deceived by the clone website and could end up installing a new AppleJeus malware without their knowledge.

This activity could be classified as one of the ongoing attempts of the Lazarus group to steal cryptocurrencies. According to a joint advisory statement released last year by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the U.S. Treasury Department, the hacking group targeted organizations in over 30 countries in 2020, attempting to steal digital assets.

Moreover, the joint advisory committee detailed that North Korea has used AppleJeus malware disguised as cryptocurrency trading platforms since at least 2018.

The authorities believe that the illicit cyber activities conveyed by North Korean hackers are aimed at generating revenue for the country’s nuclear weapons and missile programs while evading global sanctions. Hence, both the U.S. and South Korea are putting their efforts into tackling the malicious cyber activities by North Korea.

In May, the U.S. sanctioned a digital currency mixing firm which was accused of assisting Lazarus Group to execute one of the biggest cryptocurrency heists in March. The hacking group itself was sanctioned by the U.S. as a North Korean state-sponsored malicious cyber group in 2019.

In addition, South Korea is strengthening their parentship with the U.S. to combat North Korea’s cryptocurrency theft and laundry. The two countries held the second bilateral working group meeting on North Korea cyber threats last month in Seoul and discussed countermeasures against North Korean’s cyber activities. The first bilateral meeting took placed in August in Washington.


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

Stay Ahead with The Readable's Cybersecurity Insights