North Korean Hackers Disguise as South Korean Govt Agencies to Steal Cryptos: Report

North Korea South Korea
Last updated:
Author
Sujha Sundararajan
Author Categories
About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: Pixabay

North Korea’s state-backed hacking group ‘Kimsuky,’ is supposedly behind a cryptocurrency heist, where hackers disguised as South Korean government agencies.

Per a local report, hackers impersonated as South Korean journalists, government agencies and research institutes. Between March and October 2023, a total of 1,468 people fell victim to the crypto hackers, the local police confirmed.

The victims included 57 incumbent or retired government officials in diplomacy, military and national security. The rest 1,411 victims were working in the private sector, the report added.

“The police will work closely with relevant institutions and agencies to continuously track down North Korea’s cyber-attacks and breaches to prevent losses,” a police officer noted.

Phishing Mails Sent


The South Korean National Police Agency said that the perpetrators sent phishing mails to execute the dubious act. These mails pretended to be sent from South Korean government agencies including the National Police Agency, National Health Insurance Service, National Pension Service and National Tax Service.

Further, it contained ‘clickbait’ – a link encouraging visitors to click to a particular web page – with words like notice, questionnaire. Once victims open the scam mail or attached files, the hackers infest computers with a malware, police explained.

The malware then stole victims’ personal information and cryptocurrency. “Illegal cyber activity was aimed at stealing cryptocurrency,” they added.

According to the police data, attackers stole ID’s and profile information of 19 victims to access their crypto trading accounts. Additionally, they seized 147 proxy servers to carry out crypto mining programs.

The police have closed 42 phishing websites operated by the North Korean hacker group to prevent further loss.

The North Korean Kimsuky hacker group operates under the country’s Reconnaissance General Bureau, North Korea’s foreign intelligence agency. South Korea government sanctioned Kimsuky in June.

More Articles

Altcoin News
Goldman Sachs Ramps Up Ether ETF Holdings by 2,000% as Bitcoin ETF Stash Surpasses $1.5B in Q4 2024
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-12 07:27:13
Altcoin News
IRS Urges Appeals Court to Dismiss Crypto Founder’s Challenge to Tax Summonses
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-02-12 06:02:14
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors