South Korea’s internet security authority has pointed to an ‘alarming’ rise of malware attacks from North Korean hackers seeking bitcoin to fund Kim Jong Un’s regime.
A new report by the Korea Internet & Security Agency (KISA), the authority responsible for maintaining and safeguarding the country’s internet space, has highlighted an increasing number of malware attacks led by hackers suspected to be from North Korea.
As reported by Korean news agency Yonhap, the reported instances of malicious code between July-September of this year went up to 452 cases against 436 in the second quarter. Cases of ransomware – a cybersecurity attack where victims are extorted into paying cryptocurrencies like bitcoin to regain access to their crippled computers – were up 3.7x in the January-September period at 5,366 cases against last year’s 1,438.
A KISA official stated:
Hackers are boldly spreading malicious code not only to hunt for bitcoins but to directly attack Internet sites.
North Korean hackers have been accused of stealing ₩100 million in bitcoin (approx. $90,000) every month between 2013-2015. In September, cybersecurity firm FireEye revealed details of a state-sponsored North Korean hacker campaign to steal bitcoin from cryptocurrency exchanges in South Korea.
An excerpt from the report revealed the theft was to fill “the personal coffers of Pyongyang’s elite”, stating:
State-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard [safe haven] currencies to fund the regime.
One of the many attacks included a notable hack of South Korean bitcoin exchange Yapizon where hackers made away with $5 million in user funds and bitcoin.
More recently, an official from South Korea’s Cyber Warfare Intelligence Center (CWIC) pointed to a number of phishing attempts by North Korean hackers targeting South Korean exchanges with malware-laden emails.
All of which led to a comprehensive investigation by South Korea’s National Police Investigation (NPA). In its official report, the authority confirmed that North Korean hackers have and are continuing to target bitcoin exchanges in the country. Details of the investigation revealed a total of 25 employees at 4 domestic bitcoin exchanges subjected to at least 10 separate phishing attempts originating from a North Korean IP address that was previously linked to other hacking attempts targeting Seoul.
Featured image from Shutterstock.
Last modified: May 21, 2020 9:07 AM UTC