North Korean hacker group seen behind crypto attack in South

Register now

(Bloomberg) -- The same North Korean hacking outfit associated with the Sony Pictures Entertainment data theft was behind attacks on South Korean cryptocurrency users and exchanges toward the end of last year, U.S.-based researchers said.

Lazarus Group, an organization thought be tied to the North Korean government, launched a so-called spear-phishing campaign against crypto users in the weeks preceding the opening of talks with South Korea, according to a report Tuesday from Insikt, a research team at Recorded Future.

The cybersecurity company said it found technical similarities between those incursions and other North Korean-linked activities, including the data heist at Sony Pictures and the WannaCry ransomware attack, in which victims were forced to pay hackers in Bitcoins.

“This late-2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft,” the report says.

Last month, the owner of Bitcoin exchange Youbit said it would close and enter bankruptcy proceedings after a cyber-attack claimed 17 percent of its total assets. It was also hit by an attack in April that local media linked to North Korea. Hackers associated with the regime have been working to raise cash after the U.S. stepped up sanctions in a bid to thwart Kim Jong Un’s push for the ability to strike American soil with a nuclear weapon.

Bitcoin, the largest digital coin, is off to a tumultuous start this year, as the prospect of regulatory crackdowns has spread, including in South Korea. Shutting down cryptocurrency exchanges is still an option, Finance Minister Kim Dong-yeon said in an interview with TBS radio. Kim said there’s irrational speculation and that rational regulation was needed.

Bitcoin slumped as much as 20 percent Tuesday.

Bloomberg News