North Korean hackers are constantly discovering new ways to steal Bitcoin from unsuspecting victims, as they have resorted to stealing cryptocurrencies from investors and individual people as part of a new strategy pursued by Pyongyang to mitigate the impact of international sanctions.
Targeting individuals who own virtual currencies such as Bitcoin represents a departure from its previous methods, which targeted platforms and financial institutions, and analysts say the shift indicates that North Korea is seeking a new source of income in light of the sanctions targeting its nuclear program.
North Korean hackers previously attacked trading platforms directly, targeting employees at exchanges, but now they are attacking cryptocurrency users directly, as North Korea is suffering from a difficult economic situation in light of the United States, the United Nations, and other countries imposing sanctions on the North Korean economy. Cryptocurrencies have come to be seen as a good opportunity.
Simon Choi, founder of electronic warfare research group IssueMakersLab.
Kwon Seok-Chul, CEO of South Korean cybersecurity company Cuvepia, explained that his company has discovered more than 30 cases since April 2017 in which suspected North Korean hackers had attacked people who owned the cryptocurrency Bitcoin.
They are just simple investors who invest in cryptocurrency.
Simon Choi.
He added that some cases may not have been discovered and that the real number may exceed 100, as no one can file any complaints when it comes to such hacks, and that hackers are increasingly targeting cryptocurrencies.
Hackers usually send emails to victims containing a text file, which when opened infects the computer with malicious code that gives them control of the device.
Simon Choi explained that the shift towards attacking individuals may be a response to financial institutions strengthening their security against cyber attacks.
They have had successes and continue to advance, but during that period, financial institutions have become accustomed to attacks and have somewhat strengthened their security, and direct attacks on exchanges have become more difficult, so hackers are considering moving instead to individual users who have weak security.
Simon Choi.
Although antivirus software pioneer John McAfee claimed to have created an unhackable Bitcoin wallet, Bitcoin and other cryptocurrencies have become a lucrative commodity for cybercriminals around the world.
A 2017 investigation by Reuters found that more than $6 billion in Bitcoin had been stolen from exchanges since 2011.
Relatively wealthy South Koreans, such as corporate CEOs, have recently made up most of the victims of North Korean hacking, as the hackers believe they can benefit from billions in foreign currency if CEOs of wealthy companies and heads of organizations are targeted instead of ordinary people.
North Korea is believed to have placed one of the world’s largest hacker armies under the command of its shadowy spy agency called the General Reconnaissance Office.
In November 2018, Russian cybersecurity firm Group-IB issued a report accusing North Korean hackers of stealing US$571 million from five cryptocurrency exchanges since 2017, including the South Korean platform YouBit and the Japanese platform Coincheck.
Group-IB tracked the attacks of the Lazarus group, which is responsible for carrying out the hacking of the Japanese company Sony Pictures in 2014.
The hackers behind these attacks were able to collect information that allowed them to target individual cryptocurrency users. It is possible that through previous hacks they were able to collect information related to the email addresses and names of users who use these platforms.
Luke McNamara, analyst at cybersecurity company FireEye.
North Korea has demonstrated a willingness to identify its targets, which is one of the most effective weapons in a hacker’s arsenal. When North Korea can understand and know its goals, it becomes able to formulate methods and lures specific to those organizations or entities that it pursues.