According to a CCN report, North Korean hackers are moving away from targeting crypto exchanges and instead stealing from individual crypto investors.
Sanctions against North Korea for its nuclear weapons programme, alongside depleted reserves, are behind the move, says the South China Morning Post (SCMP). The hackers aim to boost the country’s financial well-being by ignoring high-value financial institutions and robbing individuals. They do this by sending an email with infected file attachments. Once the victim downloads the files, a malicious script infects the computer and takes total control of the machine. After that, serious damage is inflicted on the unsuspecting person.
Simon Choi, founder of the cyber warfare research group IssueMakersLab, told the SCMP that they had confirmation of this new mode of attack. He said: “Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security. They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly. With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity.”
Kwon Seo-Chul, the CEO of Cuvepia, also commented on the story, saying that his firm had found 30 instances of this type of attack coming from North Korea. He said, “They are just simple wallet users investing in cryptocurrency. In fact, when cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies.”
So far, most of the people attacked have been wealthy South Koreans. Choi said this is because the hackers believe that if they target CEOs and those with plenty of assets, “they can cash out large sums faster.”
Kwon explained why the hackers are able to so easily target individuals and get away with it: “When cryptocurrency wallets are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into digital currency accounts,” which echoes what Choi said.
It is well known that Pyongyang has been using crypto for some time now to get around US sanctions. Former NSA cybersecurity official Priscilla Moriuchi said the state was earning millions of dollars on a regular basis from its mining and crypto trading activities: “North Korea has pursued other avenues for obtaining cryptocurrencies as well, including mining of both bitcoin and Monero, ransom paid in bitcoin from the global WannaCry attack in May and even commissioning a cryptocurrency class for North Korean students in November.”
While the hackers may be confining their efforts to South Korea for the moment, it may not be too long before they decide to extend their reach, so take care when opening emails.