North Korean hackers allegedly sent malicious emails to unsuspecting users of the Upbit exchange, claiming to be company officials
According to East Security, a security company, users of the Upbit exchange received a malicious email from a group of North Korean hackers on May 8, 2019. The email’s subject gave the impression that Upbit was requesting information on a fictional sweepstakes payout for tax purposes. However, the message did not come from the exchange; it originated from a server in North Korea.
The message came with an attached file, and when the file was launched, malicious code began to run in the background. The code could steal the user’s data, private keys, and login information stored on their computer. It could also launch a command-and-control system that gave the threat actor remote access to the computer at a later time.
In the same vein, traditional antivirus programs had no way to detect the code, since the message came with a password, the word “UPBIT”. As of now, there have been no reported cases of users losing funds through the phishing attack, and people have been warned to avoid clicking on suspicious links.
Commenting on the attack, Mun Chong Hyun, head of the ESRC Center at East Security, revealed that the operation was carried out by a hacking group in North Korea. He also said that when the tools and malicious code used by the group were analyzed, they had unique characteristics similar to those of the Operation Fake Strike attack on Korean government agencies in early May.
Mun Chong Hyun is also of the opinion that the recent spike in Bitcoin’s price has attracted more investors into the crypto space. As more people use cryptocurrency exchanges, there are more targets for hackers, which has also increased the chances of cryptocurrencies being stolen from these virtual currency exchanges.