North Korea-linked hackers attempted to steal cryptocurrency from South Korean cryptocurrency exchange users late last year just as the price of bitcoin rallied, according to cybersecurity firm Recorded Future.
The report revealed that the attacks were executed by Lazarus, a hacking group with previous ties to the North Korean government, and used shared code with Destover malware, which was used in the Sony Pictures 2014 attack and the first WannaCry ransomware attack.
The hackers used malware known as Ghostscript, from mid-October to late November, to target people using Hangul World Processor (HWP), a Korean word-processing program. Bitcoin prices peaked in mid-December.
“We live in a world that’s increasingly digitally connected. We are connecting billions of things to the Internet every quarter, including currencies and cars and other things that we hadn’t previously thought as digital. So there’s exposure there obviously,” Endgame CEO Nate Fick said on FOX Business’ “Mornings with Maria.”
The researchers said North Korea was attempting to obtain cryptocurrencies in order to deal with the financial sanctions imposed on the nation by the U.N. Security Council.
“When you talk about war with a place like North Korea and the United States, you’re talking about a potential war between a strong country and a weak country and the cyber capabilities can be weapons of the weak. They are cheap and easy to develop,” Fick said.
Bitcoin prices along with other cryptocurrencies including Ripple and Ethereum have tumbled over concerns of a South Korean regulatory crackdown.