Cryptocurrency Hack: North Korean Outfit Lazarus Linked to South Korea Exchange Attack
Security researchers have determined that the notorious North Korean hacking outfit Lazarus Group were behind a large cryptocurrency hack on South Korean exchanges and users towards the tail end of 2017.
According to a report released by US cybersecurity firm, Recorded Future, malware used in the Sony Pictures security breach and WannaCry ransomware attack matches the malware used in the most recent attack on South Korea-based cryptocurrency exchange Coinlink.
The attack on Sony Pictures occurred in 2014 and remains one of the biggest breaches in corporate history, with Lazarus – then masquerading as The Guardians of Peace (GOP) – claiming they had been in Sony’s network for over a year without being traced before initiating an attack that would leave the entertainment giant’s network crippled for days, stealing valuable information on thousands of employees.
Coinlink, though, have denied the attack. “After contacting our security company, there are no real attempts to attack our site from North Korea. Also, email and passwords have not been hacked,” a representative told the IB Times.
Lazarus, who are believed to be backed by the North Korean government, have reached legendary status over the past decade and have priors when it comes to crypto hacking. “By 2017, North Korean actors had jumped on the cryptocurrency bandwagon. The first known North Korean cryptocurrency operation occurred in February 2017, with the theft of $7 mln (at the time) in cryptocurrency from South Korean exchange Bithumb. By the end of 2017, several researchers had reported additional spear phishing campaigns against South Korean cryptocurrency exchanges, numerous successful thefts, and even Bitcoin and Monero mining,” Insikt Group researchers wrote (via Coin Telegraph).
The latest attack is thought to be an attempt to rebalance some of the economic sanctions enforced by the international community. “We believe that this targeting is a continuation of North Korea’s attempts to use cryptocurrency as a means of circumventing sanctions and controls imposed by the international financial system,” Priscilla Moriuchi, director of strategic threat development at Recorded Future, told CNBC by email on Tuesday. “The sanctions are having a negative impact on the Kim (Jong Un) regime and we believe the regime sees cryptocurrency as a tool for easing some of the financial pressure.”
News of the 2017 attack did nothing to calm the nerves of crypto investors, who have seen a dramatic fall in prices since the spike of currencies like Bitcoin, Bitcoin Cash, LiteCoin and Ethereum in late December, 2017. With prices fluctuating so much many have decided to sell up and news of hacks and increased regulation are likely to scare off many potential investors, too.