Cybersecurity firm Recorded Future said malware used in the attacks was similar to that used in the Sony Pictures hack, the global WannaCry ransomware attack and the major cyberheist that hit Bangladesh’s central bank.
Based on the malware, Recorded Future said it believes attacks late last year on South Korean cryptocurrency exchanges and their users were carried out by Lazarus, a hacking group that has previously been tied to North Korea.
The malware was created in mid-October and November, just as bitcoin began surging to jaw-dropping heights, according to the report, which was published Tuesday. Other cryptocurrencies like ethereum and monero have also experienced massive jumps in value in recent months.
“This late 2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft,” Recorded Future researchers Juan Andres Guerrero-Saade and Priscilla Moriuchi wrote.
The report didn’t say how successful the attacks, which included efforts to harvest cryptocurrency exchange users’ passwords, might have been.