International company Recorded Future, working in the field of technological security, concluded that for new attacks on investors, South Korea’s crypto-currencies, which occurred at the end of 2017, are the hacker group associated with the authorities of the DPRK.
“Agents of the North Korean government, especially the Lazarus group, continued their attacks on South Korean stock exchanges and their participants at the end of 2017 before New Year’s speech by Kim Jong-no and subsequent dialogues of North and South Korea,” the report said on the official website of Recorded Future.
The document clarifies that the goals of the group were not only the South Korean stock exchanges, including the Coinlink Exchange, but also the Friends of the Ministry of Foreign Affairs.
According to the text of the report, the technique, coding and goals allow us to assert that the actions of hackers are the North Korean government.
During the analysis of malicious programs, the company’s specialists discovered the code Destover.
“Destover was involved in a number of operations associated with the DPRK: against Sony Pictures Entertainment in 2014, the Polish banks in January 2017, as well as the first victim of the WannaCry virus in February 2017,” the authors of the report write.
According to experts, the malicious program used, including Chinese terms, “as a distracting maneuver.”
Earlier, the company’s specialists in the field of cyber security AlienVault revealed a malicious program that installed an application for the extraction of crypto currency on the infected computer, and the resulting revenue was redirected to the server in the DPRK.
In mid-December, South Korean intelligence said it had received evidence of possible involvement of the DPRK in the theft of personal information of about 30,000 users of Bithumb’s most popular currency exchange in the country. Another similar incident occurred on another site – Coinis – in September.