North Korean hackers have been targeting South Korean cryptocurrency exchanges in a series of online assaults resembling those of the WannaCry ransomware attacks. Not so long ago Sony Pictures, a US-based company, complained that its privacy had been breached.
Perpetrated by the Lazarus Group, the latest attacks, which had WannaCry written all over them, targeted Coinlink, one of the world’s foremost trading exchange markets for cryptocurrencies.
It is a particularly fraught moment with escalating tensions on the Peninsula and a recently broached deal that North Korean athletes may compete side-by-side with their Southern counterparts.
According to a report entitled “North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign,” the North Korean government had backed hackers to carry out the attacks.
Carried out by Recorded Future, a cybersecurity specialist, the report specifically outlines a link between the Destover malware, which was used on the attack of Sony Pictures Entertainment in 2014, and the recent forays into the privacy of South Korea’s crypto markets. Later in the report, we read that the discovered malicious software also bore resemblance with WannaCry.
Phishing For Rookies: A Smart Malware
Understanding the nature of the attack may help specialists safeguard against future similar forays. However, because of the inter-connectedness of cryptocurrencies, users will have to play their fair share in protecting their peers from the spreading of malicious software.
Phishing is the spearhead strategy that usually does the trick for hackers. Because of the high numbers of participants, chances are someone will open an infected document and spread the disease at a dazzling speed.
As you may have guessed, obtaining one’s e-mail address is not the most complex of undertakings, especially for a group of people dedicated to tracking down Internet credentials and infiltrating high-security cryptocurrency bastions.
Before anyone has had time to detect the breach, funds may already be well on their way out.
The Flipside – Coinlink Denies the Breach
Surprisingly still was Coinlink’s own reaction to the report. According to the company, there has been no attempt to hack into the system, least of all from North Korean snoops.
In addition, Coinlink reassured the public that their e-mail passwords and the platform’s credentials remained intact.
Recorded Future Director of Strategic Threat Development Priscilla Moriuchi e-mailed CNBC, a news network, on Tuesday with the company’s take on the North Korea’s spate of attacks.
According to Ms Moriuchi, North Korea was looking for a way to avoid international sanctions, which have taken a toll on its economy. By using cryptocurrencies, Ms Moriuchi estimated, North Korea could de facto eliminate the burden of the international financial system.
The regime of North Korean Leader Kim Jong-un is effectively looking into ways to diversify how its regime is funded.
Stepping up the Pressure, Bithumb Hacked Out of $7m
There is merit to Ms Moriuchi’s words. Recorded Future have detected other attacks originating from North Korea as well.
In February 2017, the world’s second largest cryptocurrency exchange in terms of trading volume was attacked. The losses were devastating. Estimated $7m have been syphoned off the platform. The stolen tokens were mostly in Bitcoin and Ether denomination.
According to Recorded Future, that was another doing of North Korean hackers. A number of security companies have been warning against North Korea’s hackers who have been employing a wide range of tools to breach the security of some of the most lucrative trading venues for cryptocurrencies on the planet.
In the account of Insikt Group, a cybersecurity research unit, North Korea hit hard through a massive distribution of its malware in the autumn of 2017. Since then, the perpetrators have been stepping up their efforts into spreading their malware through files so that they may break into users’ wallets.
What We Do in the Shadows and Why North Korean Hackers Hack
Apart from the above-stated reasons whereby North Korea can legitimately obtain the means to fuel its operations outside the international financial system, there is another underlining reason – opportunity.
A number of security services have pointed out to inside help in much of North Korea’s attacks. Worse still, a native South Korean cryptocurrency trading platform by the name of YouBit was taken down.
The Korea Internet and Security Agency managed to furnish sufficient proof that YouBit had been facilitating attacks from the South’s infamous neighbour. This is a particularly apt moment to be worried about how cryptocurrencies can be used to prop up anything from illegal activities to rogue states. Caution is advised.