North Korean hackers adapt web skimming for stealing Bitcoin (Security News, April 2021)

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.
The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimming activities and attributed in the past to Lazarus APT, also known as Hidden Cobra.
An investigation by researchers at cybersecurity company Group-IB, which started from Sansec's discovery, revealed that in 2020 the North Korean hackers also attacked online shops that accepted payments in cryptocurrency.
According to the research, the attackers started using the modified script in late February 2020 and used the same infrastructure that served previous web skimming activity.
Looking closer at the code, Group-IB discovered another hint pointing to a Korean actor: the Korean text for Greenwich Mean Time in a comment created by SingleFile when saving a web page, suggesting the use of a system with Korean locale.
Based on the evidence revealed through Sansec research and its own, Group-IB attributes these attacks to the North Korean group of hackers with a high level of confidence.