North Korean hacking activities directed at Seoul’s financial system, particularly cryptocurrency exchanges, appear to be gathering pace, a new report warns. It is titled “North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign” and is the work of U.S.-based cybersecurity firm Recorded Future.
The report points to Lazarus Group as the actor responsible for the hacking campaigns. Recorded Future says the group targeted South Korean cryptocurrency exchange Coinlink by using the same malware code employed in the Sony Pictures security breach and the global WannaCry ransomware attack.
The report reads:
“North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017, before Kim Jong Un’s New Year’s speech and subsequent North-South dialogue. The malware employed shared code with Destover malware, which was used against Sony Pictures Entertainment in 2014 and the first WannaCry victim in February 2017.”
According to the researchers, North Korean hackers shifted their focus to Seoul’s financial sector at the start of 2016 to raise money for the impoverished communist regime. By early 2017, the attacks had focused on cryptocurrencies, the report says.
The first victim of the North Korean cyber attacks was the Bithumb digital currency exchange, which lost nearly $7 million in Bitcoin and Ether on February 27. The Recorded Future research team links the attack to “actors” in the North.
Early this month, we reported that a hacking unit named “Andariel,” which has links to Pyongyang, targeted a corporate server in Seoul and mined 70 units of Monero. The hackers were able to steal an estimated $26,000 through this attack.
In December last year, an editorial in The Korea Herald accused North Korea of zeroing in on the “rapidly increasing” cryptocurrency market in a bid to raise cash.
"The latest North Korean cyber heists confirm that the rogue regime is shifting its hacking-for-money operation into a higher gear, as it badly needs hard currency in the face of international economic sanctions imposed over its nuclear and missile programs."
Digital currencies (including Bitcoin) stolen in Pyongyang's cyber warfare are easily traded, laundered, and ultimately funneled back into North Korea to sustain its destitute economy, according to the article.
Lee Dong-geun, chief analyst at Seoul-based Korea Internet Security Center, said that North Korean hackers have effectively shifted their operations to financial targets from the usual government installations.
Lee noted that attack threats from the North now loom “very large over the private sector” after the initial focus on traditional government and national defense targets. “They are primarily after information for financial ends,” he added.