Security experts recently discovered North Korean hackers attempting to steal virtual currencies, allegedly to support Kim Jong Un’s regime.
The most recent reports claim that North Korean hackers are intensifying their cyber attacks to steal virtual currencies and amass massive funds for North Korean leader Kim Jong Un.
The Democratic People’s Republic of Korea (DPRK) was said to have shown a keen interest in cryptocurrencies amid the United States’ efforts to seek international sanctions and further isolate this “hermit kingdom.”
“Sanctions against North Korea are likely to fuel their cybercrime activity,” said Bryce Boland, Singapore-based chief technology officer with FireEye, in a statement to CNN. “Attacks on cryptocurrency exchanges can be a great vehicle to obtain what is ultimately hard currency.”
North Korean Hackers’ Attempt at Stealing Bitcoins
FireEye, a U.S.-based security firm, says it has been monitoring actors it believes to be related to North Korea since 2016. In a post published on its website, the company said:
“In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation state activities.
Yet, given North Korea’s position as a pariah nation cut off from much of the global economy–as well as a nation that employs a government bureau to conduct illicit economic activity–this is not all that surprising. With North Korea’s tight control of its military and intelligence capabilities, it is likely that this activity was carried out to fund the state or personal coffers of Pyongyang’s elite, as international sanctions have constricted the Hermit Kingdom.”
Further reports from FireEye cited three attacks against South Korean cryptocurrency exchanges that happened between May and July, all linked to North Korean hackers. The reports also said that the spike in cyber attack activity began soon after the United States laid out its plan to pursue sanctions against North Korea.
“Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds.”
FireEye included a chronological timeline of North Korea’s activity against South Korea’s cryptocurrency exchanges:
- April 22 – Four wallets on Yapizon, a South Korean cryptocurrency exchange, are compromised. (It is worth noting that at least some of the tactics, techniques, and procedures reportedly employed during this compromise were different than those we have observed in following intrusion attempts and as of yet there are no clear indications of North Korean involvement).
- April 26 – The United States announces a strategy of increased economic sanctions against North Korea. Sanctions from the international community could be driving North Korean interest in cryptocurrency, as discussed earlier.
- Early May – Spearphishing against South Korean Exchange #1 begins.
- Late May – South Korean Exchange #2 compromised via spearphish.
- Early June – More suspected North Korean activity targeting unknown victims, believed to be cryptocurrency service providers in South Korea.
- Early July – South Korean Exchange #3 targeted via spear phishing to personal account.
Why Steal Bitcoins and Other Cryptocurrencies?
The North Korean hackers, identified by FireEye as TEMP.Hermit, have also been linked to other high-profile attacks, one of which was the Sony Pictures hacking incident in 2014. They have also been tied to a cyberheist on Bangladesh’s Central Bank in which millions of dollars were stolen.
Now, why would these hackers take an interest in Bitcoins and other cryptocurrencies?
It appears that while cryptocurrency exchanges may seem like odd targets, some of the illicit endeavors that North Korea reportedly pursues are aimed at conducting financial crime on behalf of the country’s regime.
“North Korea’s Office 39 is involved in activities such as gold smuggling, counterfeiting foreign currency, and even operating restaurants. Besides a focus on the global banking system and cryptocurrency exchanges, a recent report by a South Korean institute noted involvement by North Korean actors in targeting ATMs with malware, likely actors at the very least supporting similar ends.
“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi.
As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls, easing this process and making the exchanges an attractive tactic for anyone seeking hard currency,” FireEye further explained.
Right now, South Korea is said to be in the process of drafting regulation for the country’s Bitcoin exchanges, more or less tightening security to prevent these North Korean hackers from getting hold of the millions’ worth of Bitcoin funds in the country.