A recent report from the U.S. Secret Service states that North Korean hackers allegedly threatened South Korean crypto exchange Bithumb following a data breach on June 29, 2017, that exposed data tied to over 30,000 customers.
According to South Korean media outlet Maeil Kyungjae, authorities in the U.S. have discovered that hackers allegedly tied to North Korea were able to access leaked customer data from Bithumb during the data breach and went on to demand a ransom of 20 billion won ($16 million) from the exchange.
The attackers have also been accused of deploying malware through fake job listings for Bithumb employees. This was orchestrated throughout the period during which the exchange was hiring that year.
“After North Korean hackers made fraudulent remittances (to prevent tracking and response), they sprayed malicious code on over 400 foreign trade bank computers.”
The Federal Bureau of Investigation (FBI) worked with local authorities throughout the investigation while making the corresponding inquiries. Reportedly, a ransom note even threatened to “sell or destroy the customer’s virtual currency unless a certain amount is given.”
Lazarus Group involved?
The report doesn’t specify the names of the attackers, but it is highly likely that the government-backed Lazarus Group is behind the attack. Local media have previously linked the group to several large-scale attacks. These links are attributed to the indictments filed by the U.S. Department of Justice (DOJ) against hackers “belonging to the North Korean Reconnaissance Office.”
The Lazarus Group is accused of stealing over $1.3 billion in cryptocurrencies and fiat via a series of crypto heists over the past few years. The group was involved in a case related to an unnamed Slovenian crypto company where the hackers managed to get away with $75 million. They also managed to steal $24.9 million from an Indonesian company in late 2018.
As previously reported by The Daily Chain, the group deployed a new phishing attack last year across several nations, including the Netherlands, Singapore, Germany, Japan, the US, and the UK. The attack involved spearphishing via LinkedIn, with fake, tailored job offers sent to targets.