North Korean hackers behind CryptoCore multi-million dollar heists (May 2021)
Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore, have established a strong connection to the North Korean state-sponsored group Lazarus.
Last year, cybersecurity company ClearSky published a report about the financially motivated CryptoCore campaign that targeted cryptocurrency wallets belonging to exchanges or their employees.
At the time of the report, CryptoCore was responsible for at least five attacks causing estimated losses of more than $200 million.
The paper showed an analysis of the malware used in the attack and outlined similarities between it and malware attributed to LAZARUS. A report from Japan's CERT, JPCERT/CC, shared an analysis of several incidents where employees of Japanese firms were contacted and convinced to download malicious files.
A report from the Japanese cybersecurity firm NTT SECURITY points to a campaign that they dubbed CRYPTOMIMIC. According to the report, large sums of money were stolen from crypto wallets by contacting users and convincing them to download malicious files.
The similarities across this research allowed ClearSky to attribute, with medium to high confidence, all the CryptoCore campaigns to the North Korean hacking group Lazarus.