January 2, 2018 by

North Korea Targets South Korean Computers to Mine Cryptocurrencies

A North Korean hacking unit seized a server belonging to a South Korean company to mine a cryptocurrency – yet another instance where Kim Jong Un’s regime is seeing finances pour in via cryptocurrencies.

According to Bloomberg, Kwak Kyoung-ju, the lead of a hacking analysis team at the Financial Security Institute in South Korea, said that a North Korean hacking unit called Andariel took control of a server belonging to a company in the South to mine 70 Monero coins. As of January 2nd, the mined coins are worth over $25,000.

“Andariel is going after anything that generates cash these days,” Kwak revealed. “Dust gathered over time builds a mountain.”

After a string of international sanctions that has seen trade bans and even oil supplies curbed, Pyongyang is increasingly looking at alternative sources of income to fund Kim Jong Un’s regime.

The hackers chose to mine Monero since it is a privacy-focused coin that is more anonymous than bitcoin, Kwak said. Monero uses a network of miners to verify its transactions, much like bitcoin. However, the cryptocurrency – by design – mixes multiple transactions to make it harder to trace the origin of the funds while adopting a “dual-key stealth” address mechanism to make its participants anonymous.

Such is the expertise of the hackers that Andariel seized control of the server and mined Monero while going undetected for over half a year.

It has to be noted that North Korean state-sponsored hackers are no longer focused on cyberespionage or stealing government secrets. Instead, their operations in 2017 have predominantly been centered on financial gains.

“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector,” said Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul. “They are primarily after information for financial ends.”

More recently, the US directly implicated North Korea in the sweeping global ransomware campaign, WannaCry. The ransomware attack struck down hundreds of thousands of computers globally in 2017.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
