North Korean Hackers Ramp Up Efforts to Steal Crypto Amid Coronavirus Pandemic

Notorious hacking group Lazarus is said to be increasing its efforts to steal cryptocurrency from traders and industry professionals during the COVID-19 crisis.

AccessTimeIconMay 11, 2020 at 8:47 a.m. UTC
Updated Sep 14, 2021 at 8:39 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Notorious hacking group Lazarus is said to be increasing its efforts to steal cryptocurrency from traders and industry professionals.

Cybersecurity experts, as cited in the Daily NK on Monday, said the group – widely believed to be sponsored by the government of the Democratic People's Republic of Korea – is making a concerted effort to target South Korean crypto holders amid the coronavirus pandemic. It's also looking further afield and launching attacks in other nations such as the U.S.

ESTsecurity, a cybersecurity firm, warned Lazarus has been increasingly launching what are called adaptive persistent threats (APTs) – prolonged and targeted cyberattacks, whereby an intruder seeks to gain access to a network while remaining undetected.

The firm detailed in a press release that one way hackers gain access to a network or exchange account is by sending emails with malicious attachments, claiming to be from legitimate services or entities. The hackers disguised some of these attachments as "blockchain software development contracts" and enticed victims to open them.

"When it comes to attacking foreign institutions and companies, Lazarus is consistent in conducting attacks by email disguised as a job offer or job description," ESTsecurity said in a statement.

"As such, the organization has been attacking cryptocurrency traders in Korea until recently," the firm added.

Lazarus is best known in the crypto world for making off with $571 million in stolen funds in 2018 from various exchanges located around South Korea and Asia.

Pressure from economic sanctions against North Korea has increased by the United Nations, the European Union and the U.S. over nuclear arms and military concerns against the backdrop of fresh coronavirus cases being reported on the peninsula.

The increased attempts of theft in cryptocurrencies come as fresh news reports of a potential "second wave" in South Korea on Monday. There have been 34 new cases of the deadly virus, its highest daily number in a month as reported by Seven News Australia.

Figures remain unclear in highly secretive North Korea. However, the total number of cases in the south has reached over 10,900, with 256 deaths in total, according to Worldometer, a COVID-19 tracking website.

Amid the outbreak, ESTsecurity said a "spoofing request for cooperation regarding the outbreak of the [COVID-19] virus ... which was discovered on April 1, also revealed that domestic Bitcoin trading officials were partially included in the target."

The group has also been targeting U.S. relations and diplomatic security, as well as aerospace companies and more, the firm said.

In March, the U.S. Treasury Department's Office of Foreign Asset Control added 20 new Bitcoin addresses associated with two individuals to its list of sanctioned individuals. The two were said to be associated with Lazarus.

The group has been accused of having stolen over $500 million in cryptocurrency since 2018. A United Nations Security Council expert panel has also accused the state of carrying out hacks of both fiat currencies and crypto in order to bypass economic sanctions.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.