FireEye’s report suggested that North Korean hackers are attempting to breach South Korean cryptocurrency exchanges and steal user funds in Bitcoin and Ethereum.
FireEye researchers claimed that, since May 2017, North Korean hackers have been consistently targeting South Korean exchanges like Yapizon, which underwent major security breaches.
The FireEye report read:
“Add to that the ties between North Korean operators and a watering hole compromise of a Bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which Bitcoin alone has increased over 400 percent since the beginning of this year.”
“Spearphishing” the largest Bitcoin exchanges in South Korea
The research firm further emphasized that a method called “spearphishing” has been used against some of the largest Bitcoin exchanges in South Korea.
By targeting users with tax-related phishing attacks, and deploying malware such as PEACHPIT, FireEye claimed that North Korean hackers were able to gain access to the accounts of many South Korean Bitcoin and Ethereum users.
The report added:
“The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
Throughout its report, researchers and analysts at FireEye state that the initiation of hacking attacks toward South Korean cryptocurrency trading platforms coincided with the enforcement of increased economic sanctions against North Korea by the US and the international community.
The report revealed that the first spearphishing attacks against South Korean trading platforms began in early May, targeting a single exchange.
In late May, a second Bitcoin exchange was reportedly breached by North Korean hackers, compromising user funds.
In early July, FireEye researchers claimed that a third major South Korean exchange was targeted, with a method which directly allowed North Korean hackers to threaten personal accounts through spearphishing.
So what was the purpose of the attacks?
All of the above-mentioned attacks occurred after the enforcement of new sanctions against North Korea on April 24, which led analysts within the cryptocurrency sector to speculate on the purpose of the attacks on South Korean cryptocurrency exchanges.
FireEye’s report noted that amidst tightening sanctions and the enforcement of new regulations against trading with North Korea, it is understandable that the North Korean government would target an emerging asset class which is triggering an exponential increase in demand in China, South Korea and Japan.
The report concluded:
“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime, and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.”
Because Bitcoin exchanges and trading platforms are centralized, the level of security for Bitcoin and cryptocurrency wallets wholly depends on the service provider.
Hence, in order to prevent any more attacks from North Korean hackers, South Korean exchanges should allocate more resources to securing their platforms with necessary measures.