North Korea is currently under sanctions because of its unapproved nuclear weapons program, and its reserves have been significantly affected as a result. To make up for this, North Korean hackers have taken it upon themselves to replenish the nation’s money reserves, and they have chosen to rob individual crypto investors to do so.
According to the South China Morning Post (SCMP), this strategy is a departure from their usual mode of operation, which is to attack financial institutions of great repute.
To carry out their agenda, the hackers break into their victims’ crypto vaults by emailing them malicious file attachments. Once downloaded, the attachment infects the victim’s computer and takes total control of the device, giving the attackers unrestricted access to do whatever they want.
Simon Choi, the founder of IssueMakersLab, a cyber warfare research group, confirmed the North Korean hackers’ change of tactics. In his view, the attacks have shifted from exchange platforms to individuals because the crypto trading platforms have recently raised their security to an impenetrable level. In his words:
“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security. They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly. With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity.”
Kwon Seo-Chul, Cuvepia’s CEO, disclosed that his firm had discovered 30 hacking incidents against cryptocurrency investors by North Korean hackers.
“They are just simple wallet users investing in cryptocurrency. In fact, when cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies,” said Kwon.
Choi added that the majority of the attacks were directed at wealthy South Koreans, because the hackers believed they would obtain a larger amount of money faster from CEOs of successful companies. It is surprising that these attacks remain common today, given the availability of hardware wallets and retail custody solutions.
Explaining why hackers can easily attack individual crypto investors without getting caught, Kwon said:
“When cryptocurrency wallets are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into digital currency accounts. Some of the attacks are carried out by sending the victims an email with infected file attachments.”
North Korea has been benefiting from cryptocurrencies for some time. According to a report in September, Pyongyang has been using cryptocurrency to avoid US sanctions. Priscilla Moriuchi, a former NSA cybersecurity official, was reported to have said that Pyongyang received regular income worth millions of dollars from cryptocurrency trading and mining activities.
“North Korea has pursued other avenues for obtaining cryptocurrencies as well, including mining of both bitcoin and Monero, ransom paid in bitcoin from the global WannaCry attack in May and even commissioning a cryptocurrency class for North Korean students in November,” she said.