North Korea attacks Bitcoin bods to swell its war chest says FireEye

BTC isn't explicitly covered by sanctions and Kim could launder it into useful currencies

By Simon Sharwood

North Korea appears to have commenced online attacks aimed at acquiring Bitcoin so it can evade sanctions.

South Korea's Cyber Warfare Research Center alleged a few weeks ago that at least one Bitcoin exchange had been targeted by a Nork hack, and now FireEye threat researcher Luke McNamara writes that “since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds”.

FireEye operatives say they've observed spearphishing that often “targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”

North Korea is subject to United Nations sanctions that freeze any assets it holds offshore and forbid members from providing financial services, financial support or allowing banks to do business with the oppressive, nukes-and-missiles-capable hermit kingdom.

Sovereign nations regulate financial services organisations, but few have figured out how to oversee production of or transactions conducted in Bitcoin and other cryptocurrencies.

McNamara therefore offers a scenario in which “If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies”. The researcher worries that “some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”

And boy does North Korea need hard currency - its trade with the outside world is small and new sanctions imposed this week will reduce it further by banning its textiles trade and capping the number of guest workers it is allowed to send abroad.

If McNamara is correct and North Korea is acquiring Bitcoin to make up for its lack of access to more conventional types of currency, it's likely that authorities will become even more interested in ending anonymous trades. Bitcoin's anonymity has, however, been called into question since at least 2014, so it may be that North Korea's efforts are already traceable. ®
