
North Korea's cyber attacks against South Korean cryptocurrency exchanges failed

03 Oct 17

South Korean police have completed investigations into North Korea’s alleged attempts to steal cryptocurrency from four South Korean Bitcoin exchanges.

The translated statement by police says that the thefts targeted 25 employees at the exchanges; however, the attackers were not successful. Hackers used phishing emails and malware attachments to attempt the hacks.

Earlier this month, FireEye researcher Luke McNamara speculated that the North Korean threat actors may be state-sponsored. The actors targeted three cryptocurrency exchanges since May 2017, he says.

The spearphishing attacks targeted personal email accounts of employees at the cryptocurrency exchanges, often using tax-themed lures and malware such as PEACHPIT.

“The ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which bitcoin alone has increased over 400% since the beginning of this year,” McNamara says.

He speculates North Korea is growing increasingly interested in cryptocurrencies thanks to heavier economic sanctions placed on the country by the United States.

North Korea has also reportedly been experimenting with ATM malware attacks.

Some countries have weak anti-money laundering laws, particularly as they are only starting to consider cryptocurrency regulation frameworks. McNamara believes the lack of regulation makes them an easier target for cyber thieves.

“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi,” he explains.

If actors can compromise a cryptocurrency exchange instead of a single account or wallet, they are able to move cryptocurrencies out of online wallets, swap them for other currencies or send them to wallets on different exchanges.

“While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” McNamara concludes.
