FireEye Report Confirms North Korean Hackers Continue to Target Bitcoin Exchanges

Why Is North Korea So Interested in Bitcoin? « Threat Research Blog | FireEye Inc

Why Is North Korea So Interested in Bitcoin? « Threat Research Blog | FireEye Inc

North Korean hackers are increasingly targeting Bitcoin as a way to circumvent global sanctions, researchers have claimed. Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds.

His report noted how escalating sanctions against North Korea were associated with an increase in spearphishing campaigns and malware attacks targeting South Korean Bitcoin exchanges.

North Korea seems to be ramping up cyberattacks to steal Bitcoin and other cryptocurrencies that could be used to circumvent trade restrictions and worldwide sanctions and obtain hard currencies to fund the regime. The regime's Reconnaissance General Bureau, which directly reports to Kim Jong Un, handles peacetime cyber operations from espionage to network disruptions and employs an estimated 6,000 officers, according to a 2016 report from the International Cyber Policy Centre at the Australian Strategic Policy Institute.

It also banned the North's textile exports which are the second-biggest export for the country and worth $752 million, according to data from the Korea Trade-Investment Promotion Agency.

If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, U.S. dollars, or Chinese renminbi.

"It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise", said Mr. McNamara.

Besides exchanges, FireEye said an English-language bitcoin news website was breached by North Korea, which would likely allow hackers to identify people visiting the site. And most researchers believe the WannaCry ransomware attack, which affected computers at major companies and public institutions worldwide in May, was carried out by North Korea. According to researchers from FireEye Inc. The hacking group was identified as TEMP.Hermit, a team which other security firms have blamed for such prominent attacks as the Sony Pictures infiltration and the Bangladesh central bank, the latter with tens of millions in crucial reserves missing.

FireEye said if the hackers wanted to convert bitcoin or ethereum into dollars or won, they'd likely first exchange them into harder-to-trace cryptocurrencies like Monero and then into fiat currency. "There are variety of things they could do to cash out".

Noticias recomendadas

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.