DPRK hackers impersonate South Korean officials to steal crypto
According to South Korea’s National Police Agency, the hackers stole the information of 1,468 victims between March and October 2023.
North Korean hackers are now trying to lure victims by pretending to be South Korean officials and journalists in a bid to steal crypto.
According to the Korean local newspaper Korea JoongAng Daily, DPRK-linked cybercriminals stole the information of 1,468 victims between March and October 2023, including 57 incumbent or “retired government officials in diplomacy, military and national security.”
The police say North Korea has doubled down on its efforts to steal private data via email phishing, impersonating the South Korean National Police Agency, National Health Insurance Service, National Pension Service and National Tax Service. According to the report, the hackers are using clickbait words such as “notice” or “questionnaire” to lure victims.
Once victims open links included in the email, malware creates hidden channels on their computers and mobile devices to steal personal data. The police believe that the latest activity is part of North Korea’s efforts to steal crypto, as nearly two dozen victims’ IDs and profiles were used to get access to their crypto trading accounts. The police did not disclose which crypto platforms were involved.
In early Nov. 2023, crypto.news reported that the infamous North Korean hacking group Lazarus had started distributing a malicious Python app posing as a crypto arbitrage bot via a direct message on a public Discord server. According to Elastic Security Labs, the so-called Kandykorn malware is being distributed in the form of a ZIP archive.