View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 15, 2017

North Korea linked to London bitcoin heist attempt

Many are excited by the soaring price of bitcoin, but perhaps none more so than the hackers.

By Tom Ball

A London cryptocurrency firm has allegedly been hit by cyberattacks targeting bitcoin, launched by The Lazarus Group, the notorious cybercrime organisation thought to be directly linked to North Korea.

Employees have been directly targeted with spear-phishing attacks as the hackers attempted to steal bitcoin from the organisation. The bait used by the hackers was a fake Chief Financial Officer job posting at the targeted company.

Once the malicious payload within an attached word document was triggered, a Remote Access Trojan (RAT) would be inconspicuously downloaded in the background, allowing the attacker to apply further malware on demand.

Bitcoin has been a preferred target for North Korean hackers since 2013, evidence of this has been discovered by Secureworks researchers, the same organisation that revealed the recent attack on the London cryptocurrency firm.

With bitcoin having recently achieved a new all-time high price as part of a steep price spike, bitcoin is more attractive to hackers than it ever has been, making cryptocurrency organisations prime targets. This incident will emphasise the importance of maintaining a heightened awareness of malicious cyber activity.

In line with this latest attack in the UK, similar attacks on South Korean bitcoin exchanges have also been identified recently and thought to potentially have North Korean origins. North Korea has previously launched attacks on South Korea in pursuit of financial gain.

The Lazarus Group has been associated with other major, high profile cyberattacks in recent years, including the WannaCry ransomware attack that inflicted significant damage on the NHS and the $81 million heist from Bangladesh Bank.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
US net neutrality vote threatens internet freedom


8 of the most outrageous tech predictions for 2018


28% of enterprises trial blockchain, but few are taking the plunge


Eyal Benishti, CEO & Founder of IRONSCALES, said: “Criminals are increasingly looking to monetise their efforts and with the increase in Bitcoin value it’s not surprising that they’re after these targets. The challenge is that Phishing campaigns are increasingly able to bypass legacy email filters and gateways. By adopting spoofing and impersonation techniques, and researching the target to make the lure both attractive and/or plausible – aka a new job, victims can be duped. The result is end users find it virtually impossible to identify phishing emails as they land in inboxes across the workforce, leaving them and the organisation exposed.

This incident also puts a focus the threat posed by today’s phishing attacks. In the latest attack it is believed that reconnaissance was done in formulating the attack, an easy task that can lead to the production of a highly formidable attack that disarms the unrespecting target.

Topics in this article : , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.