Threat Watch

North Korea Targets South Korean Upbit Users with Phishing Campaign

North Korea: North Korean hackers have been discovered targeting members of the South Korean cryptocurrency exchange Upbit. Users were targeted through a phishing campaign that attempted to infect them with malware intended to give the North Korean actors remote access to and control of the victim’s device, while also eliciting personal information from the victims. The attackers sent emails to the potential victims claiming that Upbit needed information from them, for tax purposes, regarding the payout from a fictional sweepstakes. The same tools used in this attack were previously used by North Korean actors in January to target members of the media, and in another campaign targeting the South Korean government in early May. In an interesting move, the attackers password-protected the files sent to the Upbit users, which protected the malicious code from detection by traditional anti-virus tools.

ANALYST NOTES

As sanctions against North Korea continue and members of the United Nations continue to put pressure on the hermit kingdom, its need for financial support will continue to grow, meaning there will likely be no end to these kinds of financially motivated attacks from North Korea anytime soon.