Cryptocurrency exchange
| Primary URL | Location | Industry | www[.]binance[.]com |
Country
North Korea
|
Financial Services
|
|---|
Profile
Theorganisation operates as a cryptocurrency exchange with its headquarters located in North Korea. As a digital asset platform it provides services that enable users to trade various cryptocurrencies and to store those assets in custodial wallets facilitated by the exchange. Its core function is to act as an intermediary that matches buy and sell orders for digital currencies, thereby offering liquidity and price discovery for the tokens it lists. While the specific range of supported coins or fiat‑on‑ramps is not detailed in the available material, the entity’s primary role aligns with that of a typical crypto exchange that serves traders seeking to acquire, dispose of, or hold blockchain‑based assets. The organisation’s geographic base in North Korea distinguishes it from many exchanges that are headquartered in jurisdictions with more established financial‑regulatory frameworks.
On 25 August 2020 the exchange was targeted by the Lazarus group, a North Korean‑linked advanced persistent threat actor, through a LinkedIn‑based phishing campaign that pretended to be a job opportunity from a blockchain company. A system administrator received a malicious Microsoft Word document presented as GDPR‑protected content; opening the file triggered macros that executed a backdoor via mshta.exe and fetched a VBScript hosted on a bit.ly link. This initial compromise allowed the attackers to establish command‑and‑control communication and to retrieve PowerShell payloads. The intrusion employed custom loaders, credential‑harvesting tools such as Mimikatz aimed at extracting financial data, and registry modifications using schtasks to maintain persistence on the infected host. In an effort to conceal their activity, the threat actors deleted security logs. The ultimate objective of the operation was to compromise the exchange’s cryptocurrency wallets and to use the foothold as a stepping stone for broader infiltration within the cryptocurrency sector’s supply chain.
