North Korean hackers target Bitcoin to bypass US and China sanctions, claim researchers
Hackers linked to regime have hacked at least three South Korean cryptocurrency exchanges, cybersecurity firm says
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.North Korean hackers are increasingly targeting Bitcoin as a way to circumvent international sanctions, researchers have claimed.
Hackers linked to the regime have hacked into at least three South Korean cryptocurrency exchanges to steal Bitcoin this year, a report by cybersecurity firm FireEye said.
The UN Security Council has agreed to impose new sanctions on North Korea following its sixth and largest nuclear test, banning textile exports and capping fuel supplies, but such measures may mean North Korea focuses its efforts on generating revenue through cybercrime.
North Korea has been observed using cybercrime to steal money by targeting banks in the past, the report notes.
“Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal Bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime,” Luke McNamara, the report's author, wrote.
Mr McNamara said North Korea's secretive Office 39, which is thought to be involved in generating black market funds through gold smuggling and counterfeiting foreign currency, could be linked to the hackers.
His report noted how escalating sanctions against North Korea were associated with an increase in spearphishing campaigns and malware attacks targeting South Korean Bitcoin exchanges.
Spearphishing involves targeting personal email accounts of employees at the digital currency exchange, then using their passwords to gain access to the company's network.
From there, the hackers can steal Bitcoin or withdraw the cryptocurrency as South Korean won or US dollars.
"It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise," Mr McNamara wrote.
"While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.
"Cyber criminals may no longer be the only nefarious actors in this space."
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments