Suspected Chinese Hacker Arrested in South Korea for Allegedly Stealing Millions from Victims
In a significant victory for international cybercrime cooperation, a Chinese national, identified as Mr. G, was extradited by South Korean authorities on August 22, 2025. Mr. G is suspected of orchestrating a sophisticated hacking operation that targeted high-profile individuals and financial institutions, resulting in the theft of over 38 billion won ($28.5 million).
The operation, which was executed by a criminal organization with overseas offices primarily in Thailand, relied heavily on exploiting vulnerabilities in mobile carrier authentication systems. The malware initially gained entry through compromised web portals, infiltrating mobile carrier websites and other web platforms to harvest personal information.
The malware combined registry modifications with scheduled task creation to keep running across system reboots. It employed living-off-the-land techniques, relying on legitimate system tools such as PowerShell and Windows Management Instrumentation (WMI). The malicious code established persistent backdoors over encrypted communication channels and consistently modified its file signatures to evade detection.
Evasion mechanisms included anti-analysis techniques such as sandbox detection. Moj.go.kr analysts identified the attack as a multi-stage infection mechanism that employed sophisticated social engineering techniques. The attack pattern was identified as a coordinated effort using both automated tools and manual intervention.
Using the personal information harvested from those sites, the hackers gained unauthorized access to victims' banking accounts and cryptocurrency wallets. Code analysis revealed the use of obfuscated PowerShell scripts that executed at regular intervals. The persistence tactics employed by this threat actor demonstrated advanced knowledge of system administration and network security protocols.
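For defenders, the persistence pattern described above (scheduled tasks that launch obfuscated PowerShell on a timer) can be hunted in task definitions, which Windows stores as XML under C:\Windows\System32\Tasks and includes in Security event 4698. The following is an added example, not code from the investigation; the function names, reason labels and sample tasks are hypothetical and constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
PS_NAMES = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}
# -EncodedCommand and its short forms (-e, -ec, -en, -enc, ...) followed by a base64 run
ENCODED = re.compile(r"(?i)(?:^|\s)-e(?:c|n\w*)?\s+[A-Za-z0-9+/=]{16,}")
HIDDEN = re.compile(r"(?i)(?:^|\s)-w(?:in\w*)?\s+(?:hidden|1)\b")

def score_task(task_xml):
    """Return the reasons a Task Scheduler XML definition deserves a closer look."""
    root = ET.fromstring(task_xml)
    reasons = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS).strip().strip('"').lower()
        args = ex.findtext("t:Arguments", "", NS)
        if re.split(r"[\\/]", cmd)[-1] not in PS_NAMES:
            continue  # action does not launch PowerShell
        reasons.append("powershell-action")
        if ENCODED.search(args):
            reasons.append("encoded-command")
        if HIDDEN.search(args):
            reasons.append("hidden-window")
    # A repetition interval on a trigger means the action re-runs on a timer.
    if reasons and root.find(".//t:Repetition/t:Interval", NS) is not None:
        reasons.append("repeating-trigger")
    return reasons

def make_task(command, arguments, interval=None):
    """Build a minimal task definition (constructed sample, not captured data)."""
    rep = f"<Repetition><Interval>{interval}</Interval></Repetition>" if interval else ""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><TimeTrigger>{rep}'
            "<StartBoundary>2025-01-01T00:00:00</StartBoundary></TimeTrigger></Triggers>"
            f"<Actions><Exec><Command>{command}</Command>"
            f"<Arguments>{arguments}</Arguments></Exec></Actions></Task>")

# Constructed samples; the blob is a harmless command in PowerShell's UTF-16LE base64 form.
BLOB = base64.b64encode("Write-Output 'constructed'".encode("utf-16-le")).decode()
SAMPLES = {
    "Updater": make_task(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                         f"-NoP -W Hidden -Enc {BLOB}", "PT10M"),
    "Backup": make_task("powershell.exe", r"-File C:\Scripts\backup.ps1"),
    "Defrag": make_task(r"%windir%\system32\defrag.exe", "-c -h -o", "P1D"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, score_task(xml_text))
```

A task that collects several reasons at once, as the constructed "Updater" sample does, is the combination worth triaging first; a lone "powershell-action" is common in legitimate administration.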
Korean authorities worked closely with Thai officials, Interpol, and the Southeast Asia Cooperation Network to track and apprehend the suspect within just four months of his entry into Thailand. The successful extradition of Mr. G represents a significant victory for international cybercrime cooperation, emphasizing the importance of global collaboration in combating cyber threats.