North Korean hackers target Bitcoin to bypass US and China sanctions, claim researchers

Hackers linked to regime have hacked at least three South Korean cryptocurrency exchanges, cybersecurity firm says

Samuel Osborne
Wednesday 13 September 2017 08:36 BST
Comments
North Korean leader Kim Jong-Un and his wife Ri Sol-Ju attend an art performance dedicated to nuclear scientists and technicians, who worked on a hydrogen bomb which the regime claimed to have successfully tested, at the People's Theatre in Pyongyang
North Korean leader Kim Jong-Un and his wife Ri Sol-Ju attend an art performance dedicated to nuclear scientists and technicians, who worked on a hydrogen bomb which the regime claimed to have successfully tested, at the People's Theatre in Pyongyang

North Korean hackers are increasingly targeting Bitcoin as a way to circumvent international sanctions, researchers have claimed.

Hackers linked to the regime have hacked into at least three South Korean cryptocurrency exchanges to steal Bitcoin this year, a report by cybersecurity firm FireEye said.

The UN Security Council has agreed to impose new sanctions on North Korea following its sixth and largest nuclear test, banning textile exports and capping fuel supplies, but such measures may mean North Korea focuses its efforts on generating revenue through cybercrime.

Key moments in North Korea's nuclear programme

North Korea has been observed using cybercrime to steal money by targeting banks in the past, the report notes.

“Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal Bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime,” Luke McNamara, the report's author, wrote.

Mr McNamara said North Korea's secretive Office 39, which is thought to be involved in generating black market funds through gold smuggling and counterfeiting foreign currency, could be linked to the hackers.

His report noted how escalating sanctions against North Korea were associated with an increase in spearphishing campaigns and malware attacks targeting South Korean Bitcoin exchanges.

Spearphishing involves targeting personal email accounts of employees at the digital currency exchange, then using their passwords to gain access to the company's network.

From there, the hackers can steal Bitcoin or withdraw the cryptocurrency as South Korean won or US dollars.

"It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise," Mr McNamara wrote.

"While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.

"Cyber criminals may no longer be the only nefarious actors in this space."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in