North Korea may be attempting to circumvent the effects of tough economic sanctions by enlisting state-sponsored hackers to target bitcoin exchanges, according to a prominent cybersecurity firm.
In a report published Monday, FireEye said it has detected at least five instances of suspicious activity by North Korean hackers against South Korean cryptocurrency targets since last April, including at least three attacks on virtual currency exchanges. The intrusions followed previous efforts by operators with ties to North Korea to target “bank and the global financial system,” the firm said.
“Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime,” the FireEye report said.
The apparent state-sponsored hacking efforts occurred at a time when bitcoin and other virtual currencies are rapidly gaining value. Bitcoin prices reached a record-high value of more than $5,100 earlier this month, but dropped significantly to below $4,000 in recent days after the Chinese government announced a crackdown on the use of cryptocurrencies.
North Korea’s economy is showing signs of strain this week amid significant economic sanctions imposed by the United States and the United Nations over Kim Jong Un’s nuclear weapons program, Reuters reported. The latest UN sanctions placed limits on North Korean oil imports and banned the export of textiles from North Korea.
FireEye says North Korea’s state-sponsored hackers use a technique called “spearphishing” to target the personal email accounts of individuals working at cryptocurrency exchanges, dispensing malware that allows the hackers to access digital currency “wallets.”
“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise,” the FireEye report said. “While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.”