Security News > 2021 > May > North Korean hackers behind CryptoCore multi-million dollar heists

Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus.

Last year, cybersecurity company ClearSky published a report about the financially motivated CryptoCore campaign that targeted cryptocurrency wallets belonging to exchanges or their employees.

At the time of the report, CryptoCore was responsible for at least five attacks causing estimated losses of more than $200 million.

The paper showed an analysis of the malware used in the attack and outlined similarities between them and malware attributed to LAZARUS. A report from Japan's CERT JPCERT/CC, which shared an analysis of several incidents where employees of Japanese firms were contacted and convinced to download malicious files.

A report from the Japanese cybersecurity firm NTT SECURITY, which points to a campaign that they dubbed CRYPTOMIMIC. According to the report, large sums of money were stolen from crypto wallets by contacting users and convincing them to download malicious files.

Given all the similarities across these researchers allowed ClearSky to attribute with medium to high confidence all the CryptoCore campaigns to the North Korean hacking group Lazarus.

News URL

https://www.bleepingcomputer.com/news/security/north-korean-hackers-behind-cryptocore-multi-million-dollar-heists/