SEOUL – THURSDAY 8 NOVEMBER 2018 – The Korean National Police Agency Cyber Bureau announced that a group of five hackers led by 24-year-old Kim Amy Gae distributed over 32,000 emails laced with crypto mining malware, targeting 6,000 computers in South Korea.
According to the official report, the hacking group carried out the scheme by gathering the email addresses of desperate IT specialists who, between October and December of 2017, were looking for a new job in the hi-tech sector and applying for opportunities through various web portals, including those with minimal security or data protection protocols.
How They Did It
The group allegedly used these addresses to send tens of thousands of infected emails posing as replies from the respective employer and/or recruitment bureau.
Unsuspecting users who downloaded any of the attached files or documents ended up installing cryptocurrency mining malware that used each victim's processing power to mine cryptocurrency in the background for the benefit of the hacking group, with the mined assets transferred to a third account determined by the malware.
While most of the thousands of infected computers removed the malware within a couple of days thanks to the advanced anti-virus software installed on them, the authorities, in collaboration with local cybersecurity firms, managed to track, diagnose, and treat the remaining computers.
“Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers was not able to generate significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software,” the South Korean authorities said.
While the ambitious group managed to penetrate over 6,000 active personal computers, it was only able to generate a couple thousand US dollars in total profit before its operation was shut down by the police.
“Cryptojacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware,” an investigator close to the case told South Korean media outlet Hani.
Is Hacking Crypto Even A Possibility?
This could have been one of the largest crypto-related hacking operations of the year if the group had managed to pull it off, but thanks to the modern standards of local authorities and up-to-date anti-virus software firms it was nothing more than a tiny pinch, especially compared with the recent Coincheck hack in Tokyo, where an extremely capable group of hackers stole over half a billion US dollars' worth of NEM cryptocurrency.
While the Japanese crypto exchange eventually repaid its customers, the initial funds are now lost forever, as the authorities have frozen the receiving wallet.
In conclusion, while the Japanese hackers managed to remain anonymous, they won’t be able to use their stolen funds in the future, resulting in a failed attack.
Is your country up-to-date with international cybersecurity standards? Do you think hacker attacks aiming for a fast crypto-fix could penetrate your computer?
Let me know your thoughts on Twitter, guys.
Reporting for Crypto Gazette, Ross Peili.