North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign

2018-01-16, RecordedFuture
https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/
#Cryptocurrency #CVE-2017-8291

Key Judgements
- North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue.
- This campaign also targeted South Korean college students who are interested in foreign affairs and belong to a group called “Friends of MOFA” (Ministry of Foreign Affairs).
- The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.
- The dropper in this campaign exploited a known Ghostscript vulnerability, CVE-2017-8291. The exploit implementation includes Chinese terms, possibly signifying an attempted false flag or a Chinese exploit supplier.
Executive Summary
North Korea continued to target South Korea through late 2017 with a spear phishing campaign against both cryptocurrency users and exchanges, as well as South Korean college students …