Reports from the U.S. Secret Service have unearthed some compelling details about the 2017 attack by North Korean hackers on Bithumb. The South Korean cryptocurrency exchange fell victim to these cybercriminals after falling for calculated data breach schemes.
The Hackers Accessed Data and Funds of over 30,000 of Bithumb’s Customers
The hackers took advantage of the hiring season and sent malicious code to Bithumb’s employees disguised as job applications. Maeil Kyungjae, South Korea’s daily business newspaper, reports that the North Korean hackers got hold of the personal data and funds of over 30,000 of Bithumb’s customers.
The cybercriminals demanded $16 million from the 20 billion that the South Korean cryptocurrency exchange had won. Otherwise, they would sell or destroy the data they had stolen.
The North Korean Hackers Could Be the Notorious Lazarus Group
The Federal Bureau of Investigation (FBI) launched an inquiry into the blackmail. The report, however, did not reveal the names of the hackers. Nonetheless, fingers are pointing at the state-sponsored North Korean hacking group, the Lazarus Group.
The Lazarus Group has previously faced charges from the U.S. Department of Justice. The DOJ referred to the group as “belonging to the North Korean Reconnaissance Office.” The North Korean hackers in the FBI inquiry are therefore likely to be the same Lazarus Group.
The Lazarus Group Is Very Active in the Cybercrime Space
The Lazarus Group is very active in the cybercrime space. The South Korean cryptocurrency exchange Bithumb is not their only victim. Fintechs and cryptocurrency firms are their favorite targets.
In February, the Department of Justice attributed over $1.3 billion lost in cryptocurrency to the North Korean cybercriminals. A Slovenian cryptocurrency firm was another victim of the cybercriminals, losing $75 million to them.
The state-sponsored North Korean hacking group seems to be extending its reach into the defense industry. Kaspersky researchers also discovered a calculated threat dubbed ThreatNeedle that the Lazarus Group has been pushing against the defense department since 2020. ThreatNeedle is a backdoor malware that targets infected networks to access confidential information.