Bloomberg news agency reports that North Korea appears to be stepping up efforts to secure bitcoin and other cryptocurrencies that can be used to avoid trade restrictions including new sanctions approved by the UN Security Council.
Bitcoin and other forms of virtual money – known as cryptocurrencies – appeal to North Korea as the USA pursues worldwide sanctions aimed at further isolating the country, according to a new report from FireEye.
Add to that the ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which bitcoin alone has increased over 400% since the beginning of this year.
Because of its lack of control and secretiveness, bitcoin is a useful tool to accelerate North Korea’s military operations.
North Korea is suspected of intensifying cyber-attacks to steal virtual currency in order to obtain funds and avert tightening sanctions, according to security experts.
“[It] should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise”, the researchers wrote. In April, roughly $5.3 million in bitcoin was reported stolen from Yapizon, a prominent South Korean exchange. It declined to name the website and said it believes North Korea prefers larger targets like exchanges than individual owners of cryptocurrencies.
Early July – South Korean Exchange #3 targeted via spear phishing to personal account. FireEye identified the malware, known as PEACHPIT, and provided examples of documents it was attached to, including one published by Seoul-based Hyundai Research Institute about the state of bitcoin industries.
Hackers tied to North Korea are also suspected of carrying out a series of attacks on global banks that came to light past year. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation state activities. News reports also revealed that “hundreds of millions” of Korean won had been stolen from Bithumb. A similar technique was used last month to empty the bitcoin wallets related to WannaCry.
FireEye identified the North Korean group behind the bitcoin attacks as TEMP.Hermit.
“They could compromise an exchange and transfer those bitcoins to other exchanges elsewhere in Asia or exchange them for a more anonymous cryptocurrency”, said McNamara. After acquiring bitcoin or other cryptocurrencies, North Korea could then launder them on exchanges and get hard cash in return, as its main avenues for making money get cut off one by one.