Posted on June 5, 2022 at 4:56 PM
A 30-year-old man has been arrested by the South Korean Police for reportedly stealing $660,000 worth of crypto assets using data he got from a popular social media network.
According to the report, the arrested man seemed to have retrieved a large part of data, including exchange login details and a crypto wallet. The data was leaked from a Naver Band channel, a service provided by internet giant Naver.
According to reports from officials, the man reportedly stole the crypto assets from 90 individuals, with one of them losing over $400,000.
The Information Was Leaked Accidentally
The information seemed to have been leaked accidentally by a group of admin. They mistakenly published a list of private details in a post that went public for a short time. However, it was enough for the accused person to pick the details. According to reports, he used the data to gain access to passwords, assessing the crypto wallets of the group for five months.
Reports from the Police revealed that the said man started the hacking campaign in January this year and continued until mid-May. He gathered more data from his victims within this period, using the data gathering tool as well as from more internet searches on the platform.
Officers revealed that after receiving a tipoff from an anonymous source, they raided his home and arrested him for questioning. After the initial arrest, the case was sent to the prosecution. The man has been charged with fraud violations under the terms of the Act on Aggravated Punishments. If the prosecution indicts the man, he could be facing a formal trial and criminal charges for the offense.
South Korean Police stated earlier that there is a high level of crypto-related crime in the country. According to recently released data, over 9,000 people in the country reported being a victim of crypto scams last year. This is extremely high, considering that in 2018 the number was only 388, according to the officers.
Cyber Attacks Surge In South Korea
South Koreans have received their share of hacking and data breaches in the last couple of months, both from independent hackers and state-sponsored ones.
Last month, the North Korea-backed Lazarus Group was seen exploiting the Log4Shell vulnerability in VMware Horizon servers. They deployed NukeSped implants and targeted locations in South Korea.
The threat actors took advantage of the VMware products that did not have a security patch to launch the attack, as reported by the AhnLab Security Emergency Response Center (ASEC).
Although the intrusions were discovered and taken down in April this year, several threat actors, including those with Iran and China, have started using the same strategy to continue their threat action over the past few months.
The NukeSped backdoor undertakes different malicious actions according to the commands it receives from the server controlled by the threat actor. The Kaspersky security researchers stated last year that hackers are increasingly using a spear-phishing attack that steals critical data from defense firms via the Nukesped variant known as ThreatNeedle.
The malware has also been discovered by other security researchers on several other campaigns. The main concern is the fact that the backdoor has been used successfully over the past few months, which will encourage more hackers to use it more.
The Nukesped Backdoor Has Multiple Functions
Some of the major functions of the backdoor include taking screenshots, capturing keystrokes, and gaining access to the device’s webcam while dropping additional payloads like information stealers. These activities make the backdoor very dangerous and more effective at taking full control of a targeted device.
On the other hand, the console-based utility stealer malware is designed to steal the user’s details and passwords, saving them in web browsers like Naver Whales, Opera, Internet Explorer, Mozilla Firefox, and Google Chrome. Additionally, they can exfiltrate information about Microsoft Office and Hancom files, as well as details about email accounts.
The threat actor retrieved additional details by using the Nukesped backdoor malware and sent line commands, according to the security researchers. Once collected, the attackers can use the gathered information on other attacks in the future. Additionally, the details can be shared with other hackers, which can multiply the level of threats to organizations in the future. Security researchers have categorized the backdoor as highly effective for the hackers and very dangerous to targets.