South Korea Detains Alleged Chinese Hacker Accused of Stealing Tens of Millions of Dollars from Victims
South Korean authorities have successfully extradited a Chinese national, known only as Mr. G, who is suspected of orchestrating a highly sophisticated hacking operation targeting high-profile individuals and financial institutions. The 34-year-old suspect was repatriated from Bangkok, Thailand, on August 22, 2025, following a four-month international manhunt that culminated in his arrest for allegedly stealing over 38 billion won (approximately $28.5 million) from victims’ financial and virtual asset accounts.

The criminal organisation, primarily operating from overseas offices in Thailand, executed a complex multi-vector attack campaign from August 2023 to January 2024. Its primary methodology involved infiltrating mobile carrier websites and other online platforms to harvest personal information from wealthy individuals, celebrities, corporate executives, and venture company representatives. Using this stolen data, the hackers gained unauthorised access to victims’ banking accounts and cryptocurrency wallets, systematically transferring assets without detection for months.
The technical sophistication of the operation became evident through its multi-stage infection mechanism, which heavily relied on exploiting vulnerabilities in mobile carrier authentication systems. The malware initially gained entry through compromised web portals, where attackers injected malicious scripts designed to harvest user credentials and session tokens. Once inside the network perimeter, the malicious code established persistent backdoors using encrypted communication channels to maintain long-term access.

The persistence tactics employed by this threat actor demonstrated advanced knowledge of system administration and network security protocols. The malware utilised a combination of registry modifications and scheduled task creation to ensure continuous operation across system reboots. Code analysis revealed the use of obfuscated PowerShell scripts that executed at regular intervals, checking for network connectivity and dynamically updating command-and-control server addresses.

Detection evasion mechanisms included anti-analysis techniques such as environment checking, sandbox detection, and runtime packing, with the malware consistently modifying its file signatures and employing living-off-the-land techniques.
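The persistence chain described above (Run-key modification, scheduled task creation, obfuscated PowerShell executed at intervals) leaves a recognisable footprint in Windows event logs. The script below is an added defender-side example, not code from the article or from the investigation; it shows how a detection pipeline can flag those three indicators individually and then correlate them per host. The log lines are constructed for illustration in a simplified `key=value` form loosely modelled on Windows events 4698 (scheduled task created), 4657 (registry value modified) and 4104 (PowerShell script block); the hostnames, task names and encoded payload are placeholders.

```python
"""Flag the persistence/evasion pattern described in the article from Windows-style event lines.

Added example for illustration. Event lines are constructed, not real telemetry.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Living-off-the-land binaries commonly abused for persistence.
LOLBIN = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|certutil)(\.exe)?\b", re.I)
# PowerShell switches that hide the window, skip profiles, or pass an encoded payload.
PS_SUSPICIOUS_FLAGS = re.compile(
    r"-(?:enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b"
    r"|-e(?:xecution)?p(?:olicy)?\s+bypass", re.I)
# Script-block constructs typical of obfuscated loaders (decode-then-execute).
OBFUSCATION = re.compile(
    r"FromBase64String|Invoke-Expression|\bIEX\b|\[char\]\s*\d+|-join\s*\(|DownloadString|Net\.WebClient",
    re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
PERSISTENCE_RULES = {"scheduled-task-lolbin", "run-key-lolbin"}


@dataclass
class Finding:
    host: str
    event_id: int
    rule: str
    detail: str


def parse_event(line):
    """Parse 'key=value' pairs; values may be double-quoted and contain spaces."""
    fields = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|(\S+))', line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def check_scheduled_task(ev):
    """4698: a new task whose action is a LOLBin launched with stealthy PowerShell switches."""
    cmd = f"{ev.get('Action', '')} {ev.get('Arguments', '')}"
    if LOLBIN.search(cmd) and PS_SUSPICIOUS_FLAGS.search(cmd):
        return Finding(ev.get("Host", "?"), 4698, "scheduled-task-lolbin",
                       f"task {ev.get('TaskName')} runs: {cmd.strip()}")
    return None


def check_run_key(ev):
    """4657: a Run/RunOnce value rewritten to launch a LOLBin at logon."""
    if RUN_KEY.search(ev.get("ObjectName", "")) and LOLBIN.search(ev.get("NewValue", "")):
        return Finding(ev.get("Host", "?"), 4657, "run-key-lolbin",
                       f"{ev.get('ObjectValueName')} -> {ev.get('NewValue')}")
    return None


def check_script_block(ev):
    """4104: a script block with two or more decode/execute markers."""
    hits = sorted({m.group(0) for m in OBFUSCATION.finditer(ev.get("ScriptBlockText", ""))})
    if len(hits) >= 2:
        return Finding(ev.get("Host", "?"), 4104, "obfuscated-powershell", "markers: " + ", ".join(hits))
    return None


CHECKS = {4698: check_scheduled_task, 4657: check_run_key, 4104: check_script_block}


def analyze(lines):
    """Run the per-event checks and return every Finding, in log order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        try:
            check = CHECKS.get(int(ev.get("EventID", "0")))
        except ValueError:
            continue
        if check and (hit := check(ev)):
            findings.append(hit)
    return findings


def hosts_with_chained_indicators(findings):
    """Hosts showing both a persistence mechanism and obfuscated PowerShell: highest priority."""
    rules_by_host = defaultdict(set)
    for f in findings:
        rules_by_host[f.host].add(f.rule)
    return sorted(h for h, rules in rules_by_host.items()
                  if rules & PERSISTENCE_RULES and "obfuscated-powershell" in rules)


# Constructed sample events (placeholder hosts, task names and payload; not from the case).
SUSPICIOUS_EVENTS = [
    r'EventID=4698 Host=WS-01 TaskName="\Microsoft\Windows\NetCheck" Action=powershell.exe '
    r'Arguments="-NoP -W Hidden -EncodedCommand QQBBAEEA" Trigger=PT15M',
    r'EventID=4657 Host=WS-01 ObjectName="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" '
    r'ObjectValueName=NetCheck NewValue="powershell.exe -nop -w hidden -File C:\ProgramData\nc.ps1"',
    r'EventID=4104 Host=WS-01 ScriptBlockText="IEX ([Text.Encoding]::Unicode.GetString('
    r'[Convert]::FromBase64String($b)))"',
]
BENIGN_EVENTS = [
    r'EventID=4698 Host=WS-02 TaskName="\Microsoft\Windows\Defrag\ScheduledDefrag" '
    r'Action=%windir%\system32\defrag.exe Arguments="-c -h -o" Trigger=P7D',
    r'EventID=4657 Host=WS-02 ObjectName="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" '
    r'ObjectValueName=OneDrive NewValue="C:\Users\jdoe\AppData\Local\OneDrive\OneDrive.exe /background"',
    r'EventID=4104 Host=WS-02 ScriptBlockText="Get-Service -Name Spooler | Restart-Service"',
]

if __name__ == "__main__":
    found = analyze(SUSPICIOUS_EVENTS + BENIGN_EVENTS)
    for f in found:
        print(f"[{f.host}] {f.event_id} {f.rule}: {f.detail}")
    print("hosts with chained indicators:", hosts_with_chained_indicators(found))
```

Each rule alone is noisy in a real estate (administrators do create tasks that run PowerShell), which is why the final step correlates by host: a machine that gains a new logon/task persistence entry and, in the same window, executes a decode-and-run script block is the one worth an analyst's time first. In production, the same logic would read Security and `Microsoft-Windows-PowerShell/Operational` events rather than constructed lines.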