U.S.-based cybersecurity firm FireEye recently published a report in which researchers reveal details of a campaign led by state-sponsored North Korean hackers who are allegedly attempting to steal Bitcoin from the South’s exchanges, presumably to fund Kim Jong Un’s regime.
According to the report, North Korea’s move should come as no surprise, given that the pariah state is cut off from the global economy, and that tensions with its neighbors have recently been on the rise – just this Tuesday, the U.N. Security Council approved fresh sanctions against the country, after it conducted its sixth and biggest nuclear test yet.
The report reads:
“With North Korea’s tight control of its military and intelligence capabilities, it is likely that this activity was carried out to fund the state or personal coffers of Pyongyang’s elite”
At least three South Korean exchanges hit
FireEye goes on to state that, since May 2017, they’ve seen at least three South Korean Bitcoin exchanges get hit by spear-phishing campaigns from North Korean actors, with the intent of stealing funds.
The phishing attempts often target exchange employees, use tax-themed lures, and deploy malware that has been linked to North Korean actors, as it was used to attack banks all over the world last year. Although researchers didn’t name the three Bitcoin exchanges, they pointed to multiple attacks, including one on South Korean exchange Yapizon in April, in which the exchange lost over $5 million in user funds due to four wallets being compromised. A mere four days later, researchers point out, the U.S. announced an increase in sanctions, a factor that could be driving North Korea’s interest in Bitcoin and other cryptocurrencies.
In early May, hackers launched a spear-phishing campaign against one of the unnamed exchanges, and later that month they managed to compromise another exchange. The compromised exchange is believed to be Bithumb, which according to reports lost “hundreds of millions” of Korean won, as well as personal user data.
It’s possible that after stealing Bitcoin from these exchanges, North Korean hackers attempt to launder the cryptocurrency into hard cash. According to FireEye’s report, after compromising an exchange, the hackers can swap Bitcoin for other, more anonymous cryptocurrencies, and then withdraw them to fiat via other exchanges.
The report adds:
“As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”