North Korean Spearphishing Sets Sights on South Korean Cryptocurrency Targets
As bitcoin and other digital currencies emerge as a new and valuable asset class, North Korean cyber criminals are also realizing a new means of state funding.
Unhinging a Global Financial System
Kim Jong-Un has been featured in the news as exclusively an intemperate world leader with nuclear capabilities. His confrontations with President Trump have sparked global concerns as to a nuclear arms race with two imprudent leaders at the helm. Yet another feature of the pariah country is now emerging, of which has grave implications for the stability of the future of our financial institutions.
History of Cybercrime
It is no secret that North Korea has been deeply engaged in cyber espionage for Nation State purposes. In 2013, The Guardian reported a North Korean cyber attack on South Korea’s ministry of unification. The objective of said attack being the collection of, “highly classified intelligence on defense and security.” Earlier reports also suspected North Korea of targeting South Korean media companies, government agencies, and also state banks, however, officials identified North Korea as the culprit of the attack on the ministry.
Thus the move from spying on bordering countries to targeting the global financial system in attempts to fund the North Korean political elite comes at no surprise. The North Korean based hacker group known as Lazarus launched another attack in 2013 which shut down two banks (Shinhan Bank and Nonghyup), as well as three broadcast agencies (KBS, MBC, and YTN) in South Korea. A handful of cyber-security firms have also pointed out that banking systems have been the major focus of Lazarus since 2015.
In February of 2016, the group reportedly stole $101 million from Bangladesh’s central bank forcing bank governor Atiur Rahman to resign from his position. Lazarus conducted similar heists in both Vietnam and Ecuador.
North Korean Operators Target Cryptocurrencies
Since attracting the attention of a myriad cyber-security firms, North Korean hackers are now turning to stealing bitcoin and other virtual currencies. FireEye, another security firm, recently reported that “since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds.” Specifically, malware disguised as tax information has been used to target personal email accounts of a number of workers at the cryptocurrency exchanges. Both pieces of malware, PEACHPIT and HANGMAN, have been linked to the same cyber-hackers responsible for the global bank attacks in 2016.
The reason behind North Korea’s growing interest in cryptocurrency is two-fold. The growing market price of the currency is the most important; bitcoin has shown a near 400 percent increase in value in this year alone. Secondly, on April 26, 2017, the Trump administration placed strict economic sanctions on the country in attempts to, “to pressure North Korea into dismantling its nuclear, ballistic missile, and proliferation programs.” The anonymity behind cryptocurrencies also makes them a convenient medium for conducting similar cyber crimes more efficiently.
Despite denying any connection to the banking and Sony attacks, South Korean officials report having, “considerable evidence of North Korea’s cyber warfare operations.” The U.S. government is also building a case for similar allegations against North Korea, however, there has been no conclusive evidence.
While governments work closely to establish regulations with which to monitor cryptocurrency transactions, cyber criminals worldwide are beginning to find their ways into growing swaths of money.
