Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
A member of the South Korean parliament charges that North Korea used a phishing scheme in a massive cryptocurrency theft, according to several published reports.
Kim Byung-kee, a member of South Korea's parliamentary intelligence committee, made the charges on Monday (February 5), and claimed that only did the North Koreans steal cryptocurrency in 2017, but the country is continuing to penetrate South Korean exchanges this year.
In terms of how much was taken, Kim only noted it was in the billions of won -- the country's official currency. One estimate reckons a billion won in cryptocurrency could be worth about $920,000.
"North Korea sent emails that could hack into cryptocurrency exchanges and their customers' private information and stole (cryptocurrency) worth billions of won," said Kim, according to the Reuters report.
The report noted that South Korea's intelligence agency has been trying to stop the current attacks on the country's exchanges.
While details about the scheme were scarce, the Korea Herald reported that North Korean hackers used a series of emails or social media messages to steal customers' passwords and other personal information. North Korea also appears to have used technology from a South Korean company to thwart anti-hacking tools.
By shrouding itself in secrecy, North Korea has made it difficult for others to gauge its hacking and cyber warfare capabilities. Periodic reports from South Korea intelligence offer some information, but it's hard to verify what one country claims about the other.
However, it's believed by security and intelligence experts that North Korea, officially the Democratic People's Republic of Korea or DPRK, has an extensive cyber warfare operation that has committed a series of financial crimes. (See Cybercrime Is North Korea's Biggest Threat.)
Specifically DPRK Office 91, which is also known as the Lazarus Group, is suspected of being behind the WannaCry ransomware attack that was considered one of the largest attacks of 2017. (See Kaspersky Names WannaCry 'Vulnerability of the Year'.)
Earlier this year, McAfee detected a campaign that targeted North Korean dissidents and journalists, and although the report found a North Korean IP address, it's not clear if the group is associated with the country or operating on its own. (See McAfee: Attackers Targeting North Korean Dissidents, Journalists.)
Related posts:
— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
