North Korean phishing attempt almost works on Upbit customers
If there’s one thing North Korea is really good at, it’s figuring out how to be a nuisance with their hacking methods. They reminded their Southern neighbors of this again recently when a phishing and malware attack went out to customers of Upbit on May 28.
CoinDesk reports the phishing attack came in the form of an email purporting to be from the South Korean cryptocurrency exchange. It told customers that more customer information was necessary for a sweepstakes, and provided a file for them to download and fill out.
Security company East Security notes that the file, which appears on the surface to be legitimate, will install malware on the customers’ machines and send sensitive data like private keys and logins back to its parent North Korean server. Their analysis indicates that the attack likely came from the North Korean group Soo-ki.
“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” said Mun Jong-hyun, head of the ESRC Center at East Security. The phishing attempt had similar characteristics to previous attacks by the Soo-ki group against South Korean government agencies.
Adding to the ingeniousness of their attack, the malicious file was password-protected with the word “UPBIT,” preventing anti-malware software from analyzing the file. Despite their crafty attempt, there are no reports of customers losing funds at this time.
Mun Jong-hyun doesn’t expect this to be the last we’ve heard of the Soo-ki gang. He notes that as the cryptocurrency markets increase in value and more customers invest in the industry, hacking attempts are more and more likely to target unsuspecting customers. With North Korea supporting rather than trying to squash the attacks, there’s not much that can be done to cut off the supply of attacks.
The only real solution is for customers to be vigilant and understand the red flags of a potential phishing attempt. Considering these North Korean hackers found a way to circumvent anti-malware software, no level of vigilance is too high when it comes to protecting a customer’s financial security.