North Korea: North Korean hackers have been discovered to be targeting members of the South Korean cryptocurrency exchange Upbit. Users were targeted through a phishing campaign which attempted to infect users with malware intended to allow the North Korean actors with remote access and control to the victim’s device while also eliciting personal information from the victims. The attackers sent emails to the potential victims claiming that Upbit needed information from the users regarding the payout from fictional sweepstakes for tax purposes. The same tools utilized in this attack were previously used by North Korean actors in January to target members of the media, as well as another campaign targeting the South Korean government in early May. In an interesting move, the hacker password protected the files being sent to the Upbit users which protected the malicious code from detection by traditional anti-virus tools.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is