Cybersecurity experts have linked North Korea to an apparent attack on South Korean cryptocurrency exchanges, claiming that Pyongyang’s black hats used the same malware code that was unleashed against Sony in 2014, Sputnik reported.
US cybersecurity firm Recorded Future claimed that in late 2017, a hack attack was launched against Coinlink. The attackers attempted to steal the passwords and emails of Coinlink employees, but the attack was repulsed.
Recorded Future added that they analyzed the malware used by the attackers and found that it matched two previous attacks: the 2014 hack of Sony Pictures and the 2017 WannaCry attack on hundreds of different groups, most notably the British National Health Service.
Coinlink disputed the report, insisting that no attacks were made against their exchange from North Korea or elsewhere.
In 2014, hacking group Lazarus launched a cyberattack against Sony Pictures in retaliation for the studio's distribution of "The Interview," a comedy film about an assassination attempt against North Korean leader Kim Jong-un. North Korea has denied responsibility for the attack.
In May 2017, ransomware known as WannaCry infected 300,000 computers across 150 countries, threatening to delete data if a ransom of $300-$600 was not paid via cryptocurrency. Most refused to pay, causing an estimated hundreds of millions of dollars in damages. After cybersecurity experts analyzed the attack, the US, UK and Australian governments accused North Korea of being behind it. Again, Pyongyang denied it.
The common thread behind all three attacks is the Lazarus Group. The black hats are thought to be a state-sponsored hacking group with the tacit support of Pyongyang. South Korean intelligence estimates that 1,700 state-sponsored hackers work for North Korea.
Lazarus has been active since at least 2009, when they gained infamy for spreading the MyDoom malware that targeted American and South Korean websites. The coordinated cyberattacks against North Korea's two biggest rivals affected websites including those of the White House, the Pentagon, the Blue House, the South Korean Ministry of Defense, and the South Korean National Assembly.
But in recent years, North Korea's purported hacking strategy has shifted from wreaking political havoc to gathering money from financial institutions. In 2016, Lazarus launched a cyberattack against the central bank of Bangladesh, making off with $81 million.
Their most recent approach has been to target cryptocurrency exchanges. In February 2017, they attacked Bithumb, a South Korean exchange, and stole $7 million. In December, they stole 17 percent of the assets of South Korean Bitcoin exchange service YouBit.
Analysts noted that all of these attacks used similar code patterns and tactics and matched politically motivated hacking attacks leveled against South Korea.
Lazarus is also thought to be behind an attempt to hack the personal computer of South Korean Defense Minister Han Min-goo in September 2016. A second attack against the Defense Ministry in October 2017 succeeded in making off with 235 gigabytes of sensitive information.