Security News > 2021 > April > North Korean hackers adapt web skimming for stealing Bitcoin

Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.

The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimming activities and attributed in the past to Lazarus APT, also known as Hidden Cobra.

An investigation from researchers at Group-IB cybersecurity company that started from Sansec's discovery revealed that the North Korean hackers in 2020 also attacked online shops that accepted payments in cryptocurrency.

According to the research, the attackers started using the modified script in late February 2020 and used the same infrastructure that served previous web skimming activity.

Looking closer at the code, Group-IB found that it had been saved discovered another hint pointing to a Korean actor: the Korean text for Greenwich Mean Time in a comment created by SingleFiles when saving a web page, suggesting the use of a system with Korean locale.

Based on the evidence revealed through Sansec research and its own, Group-IB attributes these attacks to the North Korean group of hackers with a high level of confidence.

News URL

https://www.bleepingcomputer.com/news/security/north-korean-hackers-adapt-web-skimming-for-stealing-bitcoin/