The South Korean National Police Agency’s Cyber Bureau, in conjunction with local police, have arrested five cyber punks who were behind a hacking effort that targeted well over 6,000 computers. According to a joint statement by the law enforcement offices, the thieves had installed cryptocurrency mining malware on the computers through a mass email blast, which was ultimately received by 32,435 addresses. With a little luck, the group won’t see daylight for a considerable amount of time.
The group was led by Kim Amu-gae, a 24-year-old South Korean. From October to December of last year, the five criminals posed as employers and sent the malware as a response to a job applicant’s email.
The hackers were able to illicitly access over 30,000 email addresses of jobseekers by stealing data from large-scale conglomerates in the South Korean technology sector. They would then send emails to the individuals, posing as recruitment agents or potential employers.
Those emails contained malware wrapped inside documents or files sent to the applicants. Believing the email to be coming from a legitimate employer, the individuals were duped into opening the attachments, which installed the malware. 6,000 computers had the malware removed autonomously three to seven days following infection due to the presence of advanced anti-virus software.
According to the local police, “Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software.”
The thieves spent a lot more resources than they were able to collect as their bounty,