Security News > 2021 > May > North Korean hackers behind CryptoCore multi-million dollar heists

Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus.
Last year, cybersecurity company ClearSky published a report about the financially motivated CryptoCore campaign that targeted cryptocurrency wallets belonging to exchanges or their employees.
At the time of the report, CryptoCore was responsible for at least five attacks causing estimated losses of more than $200 million.
The paper showed an analysis of the malware used in the attack and outlined similarities between them and malware attributed to LAZARUS. A report from Japan's CERT JPCERT/CC, which shared an analysis of several incidents where employees of Japanese firms were contacted and convinced to download malicious files.
A report from the Japanese cybersecurity firm NTT SECURITY, which points to a campaign that they dubbed CRYPTOMIMIC. According to the report, large sums of money were stolen from crypto wallets by contacting users and convincing them to download malicious files.
Given all the similarities across these researchers allowed ClearSky to attribute with medium to high confidence all the CryptoCore campaigns to the North Korean hacking group Lazarus.
News URL
Related news
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)