North Korean Hackers Ramp Up Efforts to Steal Crypto Amid Coronavirus Pandemic

Notorious hacking group Lazarus is said to be increasing its efforts to steal cryptocurrency from traders and industry professionals during the COVID-19 crisis.

May 11, 2020 at 8:47 a.m. UTC
Updated Aug 19, 2021 at 2:02 a.m. UTC


Notorious hacking group Lazarus is said to be increasing its efforts to steal cryptocurrency from traders and industry professionals.

Cybersecurity experts, as cited in the Daily NK on Monday, said the group – widely believed to be sponsored by the government of the Democratic People's Republic of Korea – is making a concerted effort to target South Korean crypto holders amid the coronavirus pandemic. It's also looking further afield and launching attacks in other nations such as the U.S.

ESTsecurity, a cybersecurity firm, warned Lazarus has been increasingly launching what are called advanced persistent threats (APTs) – prolonged and targeted cyberattacks, whereby an intruder seeks to gain access to a network while remaining undetected.

The firm detailed in a press release that one way hackers gain access to a network or exchange account is by sending emails with malicious attachments, claiming to be from legitimate services or entities. The hackers disguised some of these attachments as "blockchain software development contracts" and enticed victims to open them.

"When it comes to attacking foreign institutions and companies, Lazarus is consistent in conducting attacks by email disguised as a job offer or job description," ESTsecurity said in a statement.

"As such, the organization has been attacking cryptocurrency traders in Korea until recently," the firm added.

Lazarus is best known in the crypto world for making off with $571 million in stolen funds in 2018 from various exchanges located around South Korea and Asia.

Pressure from economic sanctions imposed on North Korea by the United Nations, the European Union and the U.S. over nuclear arms and military concerns has increased, against the backdrop of fresh coronavirus cases being reported on the peninsula.

The increased attempts at cryptocurrency theft come amid fresh news reports on Monday of a potential "second wave" in South Korea. There have been 34 new cases of the deadly virus, the country's highest daily number in a month, as reported by Seven News Australia.

Figures remain unclear in highly secretive North Korea. However, the total number of cases in the South has reached over 10,900, with 256 deaths in total, according to Worldometer, a COVID-19 tracking website.

Amid the outbreak, ESTsecurity said a "spoofing request for cooperation regarding the outbreak of the [COVID-19] virus ... which was discovered on April 1, also revealed that domestic Bitcoin trading officials were partially included in the target."

The group has also been targeting U.S. relations and diplomatic security, as well as aerospace companies and more, the firm said.

In March, the U.S. Treasury Department's Office of Foreign Assets Control added 20 new Bitcoin addresses associated with two individuals to its list of sanctioned individuals. The two were said to be associated with Lazarus.

The group has been accused of having stolen over $500 million in cryptocurrency since 2018. A United Nations Security Council expert panel has also accused the state of carrying out hacks of both fiat currencies and crypto in order to bypass economic sanctions.

Disclosure


CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.

