North Korean Hackers Move Onto Attacking Individuals After Exchanges Boost Security
North Korean hackers have reportedly carried out over 30 attacks on cryptocurrency users, according to a cybersecurity company.
The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29.
Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks.
As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from its previous methods.” As Cointelegraph reported this October, North Korea allegedly backed two cryptocurrency scams this year: hacks funded by the country reportedly comprise of 65% of all cryptocurrency stolen to date.
Simon Choi, founder of cyber warfare research company IssueMakersLab, attributes the shift towards attacking individuals to cybersecurity enhancements by exchanges and financial institutions:
“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”
Choi also said that most targets have been wealthy South Koreans since “they believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”
According to Luke McNamara, an analyst at cybersecurity company FireEye, “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges.”
McNamara explained that “when they understand and know the targets” then “they are able to craft lures specific to those organisations or entities.” He added that this makes them “effective at what they are doing.”
As Cointelegraph reported, Kaspersky Labs claims that North Korean hacker collective Lazarus Group used the “first” macOS malware to hack a crypto exchange. Experts have also argued that North Korea increasingly uses cryptocurrencies to avoid U.S. sanctions.