North Korean hackers are reportedly targeting cryptocurrency exchanges in South Korea in an attempt to funnel money to Kim Jong Un’s dictatorship, after a new wave of United Nations sanctions threatens to choke the rogue regime’s cash flow.
Hackers linked to North Korea have stolen bitcoins from at least three South Korean cryptocurrency exchanges since May 2017, security firm FireEye revealed in a Monday report. As Pyongyang faces export and trade limitations -- due to sanctions such as those approved by the U.N. Security Council on Monday -- North Korean hackers are showing more interest in increasing bitcoin attacks.
“Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime,” the report stated.
Cryptocurrency attacks by North Korea were first detected in 2016, when observers noticed Pyongyang utilizing traditional cyber-spying techniques in an effort to steal millions in virtual currency. In April, four wallets on South Korean cryptocurrency exchange Yapizon were compromised, though FireEye noted it could not find a direct link to North Korea involvement in that incident. Yapizon announced in May it was hacked, losing 3,816 bitcoins – about $5.3 million – on April 22. The company did not disclose who it believed to be the culprit.
FireEye noted North Korean hackers were suspected of targeting cryptocurrency service providers in South Korea in early June. Spearphishing – fake emails – against South Korean exchanges were also uncovered in May and July.
Bitcoin value has increased more than 400 percent since the start of 2017. Cryptocurrencies lack state control and are secretive, giving North Korea the ability to launder money without being detected.
“As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and [making] the exchanges an attractive tactic for anyone seeking hard currency,” the report said.
North Korean hackers have been linked to malware found in South Korean ATMs, the Wall Street Journal reported. Using stolen bank information, the regime is then able to move cryptocurrency out of online wallets and cash out the money into U.S., South Korean or Chinese currency, the report stated. The hackers can also convert bitcoins to more ambiguous cryptocurrencies to make them tough to trace.
The secretive regime may now be prepared to amplify the bitcoin hacking after the U.N. Security Council unanimously approved new sanctions against North Korea, capping crude oil imports and banning natural gas liquids and condensates. China and Russia agreed to the watered-down version of the resolution after Russian President Vladimir Putin slammed the “useless” sanctions and refused to support banning all oil imports to North Korea.
“This resolution sends a very clear message to North Korea that the Security Council is united in condemning North Korea's violations and demanding North Korea give up its prohibited nuclear and ballistic missile programs,” the U.S. mission to the U.N. said after the vote.
The sanctions may damage North Korea’s economy. North Korea said before the sanctions were approved the the U.S. would face “pain and suffering” and Pyongyang was “ready and willing” to retaliate if the vote passed. The dictatorship launched its sixth nuclear test earlier this month, testing what it said was a hydrogen bomb. Global leaders also fear another intercontinental ballistic missile test could be conducted in the near future.