North Korean Hackers Target Crypto Exchange UPbit's South Korean Users

North Korean hackers have been using a familiar phishing tool to steal UPbit customer details, security experts allege.

May 31, 2019 at 2:21 a.m. UTC
Updated Sep 13, 2021 at 9:15 a.m. UTC

North Korean hackers have allegedly attacked users of South Korean exchange UPbit with a clever phishing exploit.

According to data released by the security company East Security, the hacker attempted a cyberattack by sending a phishing email on May 28. The subject line of the email suggested that UPbit needed more information regarding a fictional sweepstakes payout for tax purposes. The email did not come from the exchange but from another server outside of South Korea.

The email included a file purporting to contain documentation for the payout. According to East Security, running this file displayed what looked like a normal document but would activate malicious code. The code would then send data about the user's machine, as well as exchange logins, to the hackers and connect the machine to a command-and-control system for later remote access.

"In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw," said Mun Chong Hyun, head of the ESRC Center at East Security. He noted that these are similar to another attack called Operation Fake Striker that attacked Korean government agencies earlier this month.

The hackers also used the same techniques in January to target reporters, though this seems to be the first attack by the suspected group on a crypto firm.

"As bitcoin prices rise, more and more people are using exchanges. What this means to the hackers is that the number of targets has increased, and so have the chances of stealing cryptocurrencies stored in the exchanges," said Mun Chong Hyun.

In a clever move, the hackers password-protected the malicious file with the word "UPBIT." This means that traditional anti-virus tools, which cannot inspect a protected file's contents without its password, would not be able to detect the malicious code.

"We have not heard of any reported damage," noted Mun Chong Hyun. "In order to avoid cyber attacks, you should not install or click suspicious files or documents."

Research by Park Geunmo at CoinDesk Korea.
