Published: Thu, September 14, 2017
Tech | By Dwayne Harmon

Is North Korea Turning to Bitcoin to Build More Nuclear Bombs?

Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime.

Bloomberg said Tuesday that according to a new report from security researcher FireEye Inc., hackers from Kim Jong-un's regime are increasing their attacks on cryptocurrency exchanges in South Korea and related sites.

Many other attacks were pointed out, like in April where the bitcoin exchange Yapizon lost $5 million, or between May and July four more attacks have taken place - Bithumb the largest SK exchange for bitcoin and ethereum has been security breached for personal data and so hundreds of millions were stolen.

Cryptocurrency attacks by North Korea were first detected in 2016.

"We definitely see sanctions being a big lever driving this sort of activity", said Luke McNamara, a researcher at FireEye and author of the report, to Bloomberg.

The 15-member United Nations Security Council on Monday approved sanctions aimed at punishing North Korea for its latest missile and nuclear tests. The country's diplomats and official media have denied the country played any role in cyberattacks, including the hacking of Sony Pictures Entertainment in 2014.

The sanctions imposed against North Korea are to: limit North Korea's oil imports, ban textile exports, end additional overseas laborer contracts, stop smuggling efforts, stop interactions with other countries and rules to target the government itself, according to a United States official familiar with negotiations. The report noted that "the massive popularity of the cryptocurrency gained Kim Jong-un's attention" and this represents a great opportunity for crypto traders.

"It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise", the FireEye report said.

The North Korean government has repeatedly denied involvement in worldwide cyberattacks.

FireEye identified the malware, known as PEACHPIT, and provided examples of documents it was attached to, including one published by Seoul-based Hyundai Research Institute about the state of bitcoin industries.

FireEye stated that the company began to observe North Korea conducting cyber crimes, such as targeting banks and financial systems, back in 2016. "They've been creative in how they use their cyber-espionage capability".

FireEye identified the North Korean group behind the bitcoin attacks as TEMP.Hermit. Sanctions from the global community could be driving North Korean interest in cryptocurrency, as discussed earlier. But FireEye points out that hackers can swap them into other, more anonymous cryptocurrencies - or move them elsewhere and eventually withdraw them in traditional currencies like South Korean won or US dollars.

Like this: