North Korean hackers made a phishing attempt on Upbit users (South Korea's cryptocurrency exchange).
Korea News Correspondents published this development at 29 May 2019, detailing the issue of the theft of Upbit's user information. The hackers sent one e-mail claiming that Upbit users need to submit more information to qualify for a prize.
When users open the email containing information about false draws, malware is triggered, giving hackers access to user information and control of their devices for later access.
"In analyzing the attack tools and malicious code used by hacker groups, we saw some unique features," said Mun Chong Hyun, head of the ESRC Center at East Security, who identified the attack, according to CoinDesk Korea.
These features in particular indicate the North Korean hacker group Kim Soo-Ki, who used malware of similar construction to attempt to violate South Korean government services.
North Korean hackers are active in the South Korean encryption site for several years. Lazarus Group, for example, has stolen more than 571 million dollars in just over a year and a half between 2017 and 2018, primarily targeting the South Korean cryptocurrency exchange. During this work, the Lazarus Group received direct material support from the North Korean government.
This latest hacking attempt, however, seems to be weakened by the efforts of the East Security team. Mun Chong Hyun claimed that so far "we have no reports of any damage".
This is not the first time that Upbit has been involved in fraudulent activity. Last December, executives of both Upbit and its parent company, Dunamu, were accused of fraud after creating bogus files for millions of dollars of counterfeit money that were created to convince potential customers that Upbit had a much larger business volume than she actually had.