North Korean ‘Crypto Hackers Targeted S Korean Ministers’ – What Do We Know?

North Korean crypto hackers “targeted South Korean ministers” in a campaign last year, Seoul-based police officials have claimed.

According to Dong-a Ilbo, police officials took control of a server they claimed was used during the attempted attacks.

And officers said they had “found two cryptocurrency wallet addresses” on the server.

They claimed that transactions worth almost $1,600 had been made using these wallets.

A police official stated:

“We are continuing to investigate to see whether or not this [campaign] was an attempt to steal [funds].”

Seoul has blamed Pyongyang for a number of high-profile attacks on South Korean crypto targets.

And Seoul has long claimed that the North targets include major exchanges south of the DMZ, as well as individual crypto users.

A branch of the National Police Agency said the server contained evidence that “the North Korean hacking organization Kimsuky had sent phishing emails to South Korean officials in mid-2022.”

These officials include “foreign affairs and security experts,” as well as “former and current high-ranking officials.”

Who Did Alleged North Korean Crypto Hackers Target?

The agency gave details about nine people who had allegedly been targeted in the attacks.

These targets allegedly included “two former ministerial-level officials, one vice-ministerial-level official, four academic experts, one incumbent executive-level official, and one journalist.”

And Kimsuky allegedly lured dozens more security experts onto what turned out to be a phishing site.

Police said this was done in a bid to obtain sensitive information.

In some cases, the alleged hackers appear to have posed as students or people seeking professional opinions on work they had done.

The police said that the campaign had been conducted “from April to July last year,” at around the time of the inauguration of President Yoon Seok-yeol’s government.

The news comes shortly after the security provider Sentinel Labs reported that Kimsuky was “specifically targeting expert analysts of North Korean affairs.”

The firm claimed that Kimsuky had “impersonated” the English-language, North Korea-focused media outlet NK News.

And it said Pyongyang was “stealing NK News credentials.”

Security experts have also claimed that “a North Korean hacking group” is behind the recent theft of $35 million from the crypto wallet platform Atomic Wallet.

The analytics firm Elliptic claimed that the stolen funds had been moved to the crypto mixer Sinbad – thought to be a reboot of the Blender coin mixing platform.

Source