Rogue Software Mines and Sends Monero to North Korean University

Lester Coleman
January 9, 2018

A software application has been discovered that installs code for mining Monero and sending the coins to Kim Il Sung University in Pyongyang, North Korea.

The report by Alien Vault, a security firm, indicates North Korea is seeking sources of cash for its suffering economy. The application was created on Dec. 24 and uses host computers to mine Monero, the firm noted.

The software is often used in malware campaigns and was recently used in campaigns exploiting IIS servers to mine Monero, Alien Vault noted. The firm noted cryptocurrencies may provide a financial lifeline to a country hit hard by sanctions, and that the software may be the most recent product of endeavors at the university.

One North Korean IP address has also been active on bitcoin trading sites, the firm noted.

Another security firm, Ahn Lab, noted the address is the same as the one used to control compromised web servers in cyberattacks in 2014 and 2015 on energy, traffic, telecommunications, broadcasting, financial and political institutions in South Korea.

A North Korean server used in the code does not appear to be connected to the wider Internet, Alien Vault noted, indicating its inclusion could be meant to trick observers into making a North Korean connection. Kim Il Sung University, however, plays host to foreign students and lecturers in addition to North Koreans.

Kim Il Sung University did not respond to Reuters requests for comment. North Korean officials at the United Nations were not immediately available for comment.

North Korean Interest Grows

Other observers have cited growing signs of interest from North Korea in cryptocurrencies and blockchain technology.

Mun Chong-hyun, chief analyst at ESTsecurity, a South Korean cybersecurity firm, said cryptocurrencies are the best way for North Koreans to earn foreign currency. Cryptocurrency can be laundered several times and is hard to trace, the analyst said. Cryptocurrency observers note that Monero appeals to users who value secrecy because, with every payment, its funds go to a one-time address created with random numbers. This makes it harder to trace than bitcoin.

FireEye, a cybersecurity firm, reported in November there were North Korean activities against South Korean cryptocurrency sites. Analyst Luke McNamara said it is not surprising that cryptocurrencies are being targeted by a government that operates as a criminal enterprise.


Westerner Lectures On Crypto In North Korea

Federico Tenga, the Italian co-founder of Chainside, a bitcoin startup, noted in November that he lectured on bitcoin and blockchain at Pyongyang University of Science and Technology and that the lectures were at a basic level.

A university spokesperson said the teaching can provide the next generation of North Korean professionals more concepts in seeking to develop their country. The spokesperson also said the country is aware of issues around sanctions.

Tenga said his aim was to spread technical knowledge, not suggest how to use it.


Lester Coleman is a media relations consultant for the payments and automated retailing industries.