Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Heist. Show all posts

North Korea Implicated in $50M Upbit Cyber Heist

 


According to South Korean investigators, the Upbit cryptocurrency heist that resulted in the theft of $50 million worth of Ethereum in 2019 was carried out by North Korean hacker groups Lazarus and Andariel, which are related to the Reconnaissance General Bureau, the leading intelligence organization within the DPRK. There are three months left until the 5th anniversary of the attack on Upbit, one of the world's leading crypto exchanges in South Korea. 

An amount of 342,000 Ethereum, valued at approximately $147 per ether, was stolen from the exchange's hot wallet during the incident. Taking into account the current exchange rate, the stolen stash would have been worth around 1.47 trillion won today, or about $1.04 billion. A hot wallet, which is constantly connected to the internet as part of its operational function, is more at risk of cyberattacks than cold wallets because of this connection. 

To evade detection, hackers frequently use multiple blockchain wallets to store stolen assets, which is a common method they use to obscure a trail of stolen information. It was immediately suspended removals and deposits, the exchange's remaining funds were secured, and users were reassured for their losses that they would receive full compensation from the company. 

A recent Upbit hack has highlighted the important role that international collaboration plays in reducing state-sponsored cybercrime in the cryptocurrency sector and addressing the issue at hand. The government, industry leaders, and cybersecurity firms need to get together and establish a global framework for the protection of digital assets and the pursuit of those who seek to harm them. 

In the summer of 2018, hackers were successful in infiltrating Upbit's hot wallet and transferred approximately 342,00( ETH (at the time worth 8.5 billion won or around USD 7 million) to a wallet known to them. In the wake of this breach, the security of centralized exchanges and the protocols they use for protecting the digital assets of their users has been raised immediately as a concern. Despite their convenience for instant transactions, hot wallets are more vulnerable to cyberattacks because they are connected to the Internet. 

The incident at Upbit made it apparent how dangerous these storage solutions can be in the long run. After recognizing the hack and moving the remaining user funds to cold walletsomfine storage solutions that are considerably more difficult to breach, Upbit swiftly responded and immediately acted upon the discovery of the hack. As a result of this proactive action, there were no further losses and a demonstration that the exchange is prepared for situations like this. 

Upbit has taken steps to protect its users from further loss as soon as the breach was detected, providing a detailed account of the extent of the loss and the steps being taken to resolve the matter. Users' trust needed to be maintained during the crisis by maintaining transparency. Several investigative agencies, including the National Intelligence Service (NIS) of South Korea and other intelligence agencies, have confirmed that North Korea has been involved in the attack after an extensive investigation. 

It appears that the hackers infiltrated Upbit's systems using sophisticated phishing tactics, social engineering, and advanced malware techniques to compromise its sensitive data. The Lazarus Group, also known as LG Group, is one of the most infamous cybercrime groups linked to North Korea. With at least ten years of cyber experience, the group has gained notoriety for a wide array of activities, including hacking, data theft, and espionage. 

To circumvent international sanctions, it is believed that this group is financing North Korea's nuclear and weapons programs through the activities it performs. There is a strong suspicion that the breach was caused by North Korea's Lazarus Group, which is notorious for its cyber espionage and financial theft operations. One of the most high-profile attacks in recent months has been the WannaCry ransomware attack in 2017 and the Bangladesh Bank heist in 2016. 

The group has been linked to several high-profile hacking attacks. Five-sevenths (57%) of the stolen Ethereum has been sold at a discount of 2.5% on three exchanges that are run by the North Korean government, with the remainder of the stolen Ethereum being laundered through 51 overseas exchanges of this type. Cryptocurrency exchanges in Switzerland have been storing some of the stolen Ethereum in the form of Bitcoin. 4.8 Bitcoin, valued at nearly 600 million won, were found by the South Korean authorities after four years of legal proceedings. 

The Bitcoins were returned to Upbit in October 2024 after a four-year legal procedure. A copycat crime may be prevented by police withholding details of the North Korean hacking operation's techniques because of the risk of copycats, but police emphasize that the operation was unprecedented in scope and sophistication. At the same time, the Financial Intelligence Unit (FIU) of the Republic of Korea is investigating Upbit's operations in light of issues related to possible non-compliance with KYC regulations.

Reports suggest that there were 500.000 to 600,000 cases in which the exchange failed to verify customer identity due to problems with identification documents and incomplete information provided by the customer. If regulators discover these lapses, they may take action against the company. As a result of years of experience and ongoing research, the Lazarus Group and similar outfits have refined their method to target prominent crypto platforms across the globe. 

An instance of the group's involvement was linked to the hacking of the Indian exchange WazirX, in which $230 million had been stolen. Even though international sanctions have been placed on the North Korean government and efforts have been made to shut down the country's operations, there is a persistent effort to exploit crypto vulnerabilities through various techniques. 

The accounts of these groups have been estimated to have stolen over $7 billion in crypto over the past seven years, a great deal of which was used to fund North Korea's nuclear weapons program. .ANdariel is another group of cybercriminals operating under the aegis of North Korea's Reconnaissance General Bureau that operates as a subdivision of the notorious Lazarus Group, known for its high level of sophistication.  In addition to financial cyberattacks, Andariel is also known for hacking banks, ATMs, cryptocurrency platforms, and other online platforms. 

The group's operations in North Korea are considered a major part of the country’s illicit revenue generation efforts, with most of the activities focused on circumventing international sanctions. Using advanced malware and hacking techniques, the group has penetrated networks and stolen financial assets. In contrast to the Lazarus Group, which is recognized for its large-scale cyber campaigns often tied to political agendas, Andariel follows a more precise and profit-driven approach. 

Rather than pursuing widespread disruption or ideological objectives, Andariel focuses on carefully selected targets to maximize financial rewards. Their operations are characterized by calculated tactics designed to exploit specific weaknesses for economic gain. This differentiation underscores the varied methodologies employed by cyber actors, even within the same network, each aligning their activities to distinct priorities and outcomes.

Cyber Heist: Rs 40 Crore Taken from IndusInd Bank

 


According to Maharashtra Cyber, which reported the recovery of 31.89 crores out of 40 crores allegedly fraudulently transferred from IndusInd Bank to 20 different mule accounts on Friday, the agency said. As a result of the fraud, more than $4.2 million were stolen from ATMs around the country, while police are still looking for the remaining $2.87 million. 

It has been reported that IndusInd Bank in Mumbai has reported a loss of Rs 40 crore as a result of an unauthorized transaction which took place on their network. Maharashtra Cyber Police, responsible for detecting and responding to cyber frauds in the state, has managed to recoup Rs 32 crore as a major achievement in one of the state's largest cases of cyber fraud. According to the bank's Hyderabad branch manager, he is being held responsible for making unauthorized transactions on behalf of the bank. 

By improving the reporting process through the National Cybercrime Reporting Portal (NCCRP), the Maharashtra Cyber Police were able to take swift action on the report of the cybercrime within a short period. With such a prompt response, the authorities were able to track down and freeze the fraudulent accounts in a short period. In addition to the fraudulent transactions, the Hyderabad branch manager also made two significant transfers of Rs 15 crore and Rs 25 crore with no authorization from the Mumbai head office on whether these transfers should be carried out. 

A total of nearly 20 accounts were involved in the disbursement of the funds. Even though the Hyderabad police department registered the FIR, it was Mumbai that originally made the complaint. The team’s efforts and process continued, resulting in blocking a total of ₹32.89 crore till July 25 in 11 bank accounts in India. The fraud managed to withdraw ₹4.24 crore from different ATMs of the bank, said Shintre. Efforts are still on to recover the remaining money,” he added. 

The amount was transferred to different banks from the Hyderabad branch, so an FIR has been registered there, and the Hyderabad police are investigating the case. After the Maharashtra Cyber Police team got wind of the complaint on July 19, one of its officers explained that the team immediately started pursuing the matter. In coordination with all finance intermediaries responsible for the processing of the money, they were able to place a hold on approximately Rs 31 crore by 6 PM on the same day. 

IndusInd Bank's Bandra Kurla Complex branch, which is located at the Bandra Kurla Complex (BKC), was alerted to the fraud through their helpline number after informing the cyber police about the fraudulent transactions. It was only after the cyber police took action that they were able to freeze the accounts worth 312.890 crores, which were held in various banks. According to the report, the team noticed on July 19 that there has been significant fraud involving transactions amounting to approximately $40 crore that have been reported. 

Following the realisation of the urgency of the situation, a team was immediately formed, and the following morning a follow-up process was initiated and immediate coordination was initiated with the appropriate financial intermediaries involved in the transactions. This resulted in an approximate saving of approximately 31 crores by 6 pm that day," said Shintre. A total of 31.89 crores of currency worth 32.89 crores were blocked from 11 bank accounts in India as a result of the team's work and process up until July 25. 

Shintre informed the press that the fraudster was able to withdraw a total of Rs.4.24 crore from ATMs across the bank. The team is constantly working on recovering the remaining money to get it back," he stated. It is believed that the money from the Hyderabad branch was transferred to different banks, which is why an FIR was filed there, and the Hyderabad police are presently investigating the situation. 

In the past three and a half years, Maharashtra Cyber has received 281,019 reports of cyber fraud, resulting in a staggering loss of approximately ₹3,325 crore to complainants across the state. During this period, efforts by the Cyber Police have successfully blocked and safeguarded around ₹358.77 crore in transactions through banking channels. 

The scale of the issue is reflected in the daily volume of calls received by Maharashtra Cyber's helpline number, 1930, which averages between 4,000 and 5,000 calls. To manage this influx, the organization operates 20 functional lines manned by a dedicated workforce of over 110 individuals working round-the-clock. A specialized team of 10 personnel focuses exclusively on follow-up procedures, liaising directly with banks and law enforcement agencies to expedite the resolution of complaints. 

Additionally, Maharashtra Cyber has implemented dedicated Artificial Intelligence (AI) units across various branches. These units facilitate data analysis, pattern recognition, digital forensics, and behavioural analysis, significantly aiding investigators in their efforts. From 2021 to July 26, 2024, the helpline recorded a total of 281,019 complaints, resulting in the recovery of ₹3,324.90 crore from fraudulent transactions, with an additional ₹358.77 crore placed on hold. This underscores the effectiveness and commitment of Maharashtra Cyber in addressing and mitigating cybercrime incidents. Ongoing investigations are aimed at ensuring compliance with RBI regulations and enhancing internal banking checks to prevent future occurrences.