North Korean hackers have been found to have attempted hacks by emailing bogus white papers that contain malicious code. It has also been confirmed that six entities at home and abroad, suspected to be crypto exchanges, opened the files.
Korean cybersecurity company Cuvepia said Thursday that it had confirmed that North Korean hackers spread malicious code through white papers and that six entities opened the files. “We verified the addresses of the six entities and speculate that they are not individuals but crypto exchanges,” said Cuvepia CEO Kwon Seok-chul, adding that “we identified the hackers’ access records and could confirm North Korea’s hacks through our technology that tracks down the source.” He went on to say that it was impossible to confirm how serious the damage was, because hackers can lie in hiding without launching attacks after gaining control of machines through malicious code, and he called for efforts to minimize the damage through real-time tracking programs.
There are signs that in October and November the same hackers also disseminated bogus white papers, mainly through KakaoTalk chatrooms, investor communities and other places where crypto investors gather. “We failed to confirm how many people opened the files, like we did in September, but the chances are high that unspecified masses might have opened the files,” Kwon said.
North Korean hacking attacks are nothing new. The hackers typically send victims files containing malicious code to gain access to the victims’ computers and obtain their cryptocurrency wallet keys. Attacks through malicious code are a classic technique, but preventing them is not easy, because crypto exchanges have little choice but to open files believed to contain white papers or resumes. Investors are also apt to carelessly open files that are shared in communities.
It has become all the more difficult to prevent hacks as the targets have expanded from crypto exchanges to individual investors. To date, North Korean hackers have concentrated their cyberattacks on crypto exchanges, first targeting Yapizon (the predecessor of Youbit, which went bust), Bithumb and Coinis. According to Radio Free Asia (RFA) of the United States, North Korea’s hacking group Hidden Cobra attacked exchanges by sending emails impersonating Korea’s Financial Services Commission. Russia’s Group-IB also said the Lazarus Group, an elite hacking unit, spread malicious code targeting crypto exchanges. Of late, North Korean hackers have tried to steal cryptocurrencies from individual investors. Cuvepia announced in late November that it had detected more than 30 cases in which suspected North Korean hackers preyed on individual cryptocurrency investors.
Experts advise investors to use paid antivirus software on computers where crypto assets are stored and to pay attention to the filename extension when opening files. Kwon called for caution, citing a case in which hackers attacked under the guise of “.ARI” files, which require specific software to be run in order to open them. Korea Cyber Security Association Chairman Kim Hyun-keol called for using the best antivirus programs, saying it is difficult to prevent all hacks with free antivirus programs. /hyun@decenter.kr
- Sa Dong-seok (사동석), Reporter
- sahds@dcenter.kr