Police shut down 42 fake sites as North Korean hackers strike again


  • North Korean hackers stole crypto from 19 victims by posing as officials and journalists, also mining on seized servers.
  • Police shut down 42 fake hacker websites and will share server info with experts.
  • Lazarus Group, linked to North Korea, moved $8.5 million via blockchain, controlling 125 Bitcoin addresses.

In a recent cybersecurity report, it has been revealed that North Korean hackers launched a sophisticated attack, posing as officials and journalists to steal cryptocurrency from unsuspecting victims. 

The campaign spanned from March to October, during which the hackers expropriated user IDs and profiles of 19 victims to gain access to their cryptocurrency trading accounts. Additionally, they utilized more than 147 proxy servers they had seized to execute crypto mining programs, further expanding their illicit activities.

Cryptocurrency theft tactics

The hackers’ modus operandi involved impersonating various personas, including government officials and members of the media. This allowed them to gain the trust of their victims and gain access to their sensitive information. Once inside, they seized control of cryptocurrency trading accounts, siphoning off digital assets without the account holders’ consent.

Less than a year ago, these same North Korean hackers had employed malicious software to steal cryptocurrency, causing widespread concerns about potential property and asset loss. The report indicates that in their previous campaign, the hackers distributed ransomware, coercing victims into paying significant sums to regain access to their digital property.

In response to this cyber threat, law enforcement agencies have taken decisive action. A total of 42 fake websites operated by North Korean hackers were shut down in collaboration with the Korea Internet & Security Agency. This measure was taken to prevent further individuals from falling victim to these deceptive websites.

Additionally, the police are set to provide government intelligence and cyber experts with a list of servers used by the hackers, aiding in tracking and potentially disrupting their operations.

Historical impersonation tactics

The report highlights a historical pattern of North Korean hackers feigning government affiliations to achieve their financial goals. In one instance, they sent deceptive emails in May, impersonating an assistant of Rep. 

Tae Yong-ho, a former North Korean diplomat who defected to South Korea. These deceptive tactics demonstrate the hackers’ adaptability and ingenuity in pursuing their criminal objectives.

This recent revelation follows a separate report indicating a significant rise in hacking activities originating from North Korea. On August 1st, blockchain investigator ZachXBT made startling claims regarding the Lazarus Group, a notorious hacking organization believed to be backed by the North Korean government. 

According to ZachXBT, the group managed to transfer approximately $8.5 million across three different blockchain networks.

At the time of this revelation, the Lazarus Group reportedly had control over 125 Bitcoin addresses, collectively holding 290 BTC. Each of these wallet addresses contained between one and three BTC, further emphasizing the scale of their cryptocurrency holdings.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Benson Mawira

Benson is a blockchain reporter who has delved into industry news, on-chain analysis, non-fungible tokens (NFTs), Artificial Intelligence (AI), etc.His area of expertise is the cryptocurrency markets, fundamental and technical analysis.With his insightful coverage of everything in Financial Technologies, Benson has garnered a global readership.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan