North Korean hackers adapt web skimming for stealing Bitcoin
Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.
The attacks compromised customers of at least three online stores and relied on infrastructure used for web skimming activities and attributed in the past to Lazarus APT, also known as Hidden Cobra.
An investigation by researchers at cybersecurity company Group-IB, which started from Sansec's discovery, revealed that in 2020 the North Korean hackers also attacked online shops that accepted payments in cryptocurrency.
According to the research, the attackers started using the modified script in late February 2020 and used the same infrastructure that served previous web skimming activity.
Looking closer at the code, Group-IB discovered another hint pointing to a Korean actor: the Korean text for Greenwich Mean Time in a comment created by SingleFile when saving a web page, suggesting the use of a system with a Korean locale.
Based on the evidence revealed through Sansec's research and its own, Group-IB attributes these attacks to the North Korean group of hackers with a high level of confidence.