North Korea attacks Bitcoin bods to swell its war chest says FireEye

BTC isn't explicitly covered by sanctions and Kim could launder it into useful currencies

By Simon Sharwood, APAC Editor


North Korea appears to have commenced online attacks aimed at acquiring Bitcoin so it can evade sanctions.

South Korea's Cyber Warfare Research Center alleged a few weeks ago that at least one Bitcoin exchange had been targeted by a Nork hack, and now FireEye threat researcher Luke McNamara writes that “since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds”.

FireEye operatives say they've observed spearphishing that often “targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”

North Korea is subject to United Nations sanctions that freeze any assets it holds offshore and forbid members from providing financial services, financial support or allowing banks to do business with the oppressive, nukes-and-missiles-capable hermit kingdom.

Sovereign nations regulate financial services organisations, but few have figured out how to oversee production of or transactions conducted in Bitcoin and other cryptocurrencies.

McNamara therefore offers a scenario in which “If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies”. The researcher worries that “some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”

And boy does North Korea need hard currency - its trade with the outside world is small and new sanctions imposed this week will reduce it further by banning its textiles trade and capping the number of guest workers it is allowed to send abroad.

If McNamara is correct and North Korea is acquiring Bitcoin to make up for its lack of access to more conventional types of currency, it's likely that authorities will become even more interested in ending anonymous trades. Bitcoin's anonymity has, however, been called into question since at least 2014, so it may be that North Korea's efforts are already traceable. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Black hole munched galactic leftovers, spewed stars, burped

Galaxy can turn itself off, then on again

Forget Iran and North Korea. Now there's another uranium source

Yeah, try slapping some sanctions on black holes

Australian foreplay: Bum-biting in an underground hole

Wombats have all the fun

Supermassive black hole dominates titchy star formation

Nork hackers exploit Flash bug to pwn South Koreans. And Adobe will deal with it next week

Maybe it's a good time to just delete the thing

Adobe: Two critical Flash security bugs fixed for the price of one

Emergency patch lands, shuts pair of remote exploitable holes, one used by Norks

Limp Weiner to get 21 months in the hole

Hard time ahead for disgraced sexting politician Anthony

Boffins on alert: Brace yourselves for huge gravitational wave coming within a decade

When supermassive black holes collide, we'll feel it

Smoking hole found on Mars where Schiaparelli lander, er, 'landed'

Pic 4KM plummet to surface shattered Euro spacecraft

UK's Royal Navy buys £13m mine-blasting robot boat

Atlas Elektronik's ARCIMS demo vessel taken on by Her Maj's finest