The United Nations has launched an investigation into North Korean cyber-attacks which targeted cryptocurrency exchanges in the neighboring South. India has also been a victim in the digital crime spree which targeted 17 countries in total.
Cryptocurrency Exchanges Targeted
The UN has ramped up its investigation of North Korean cyber-attacks following the release of a report detailing efforts to accumulate wealth for weapons programs. According to the SCMP there have been at least 35 incursions in 17 countries.
A high level North Korean military intelligence agency called the Reconnaissance General Bureau is believed to be behind the attacks. The preliminary report stated that over $2 billion has been amassed from a hacking spree which targeted financial institutions and cryptocurrency exchanges, predominantly in South Korea.
Ten of the 35 attacks were on South Korean targets with India suffering three while Bangladesh and Chile had two apiece. It added that 13 countries suffered one attack: Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam.
The methods of attack included channels through interbank transfer protocol, SWIFT, where hackers exploited bank employee computers and infrastructure which was accessed to send fraudulent messages and destroy evidence. The investigation also revealed the theft of cryptocurrency
“through attacks on both exchanges and users and mining of cryptocurrency as a source of funds for a professional branch of the military”
The panel stated that one of South Korea’s largest cryptocurrency exchanges, Bithumb, was targeted on multiple occasions. It added that the first two attacks were in February 2017 and July 2017, with each resulted in losses of approximately $7 million. A June 2018 attack led to a $31 million loss and one in March this year resulted in a $20 million loss.
A number of cryptocurrency exchanges in the region have been attacked this year including Binance, Tokyo based BitPoint, and Singapore based Bitrue. However, the investigation did not directly tie these hacks with the Pyongyang regime.
CryptoJacking: A Weapon Of Choice
The investigation also revealed that cryptojacking was used on several occasions to mine cryptocurrencies on the sly. This method involves the use of malware to hijack unsuspecting computers and harness their processing power in order to mine Monero. XMR is usually the hacker’s coin of choice due to its extensive privacy and anonymity layers.
It added that one report analyzed a piece of malware designed to mine Monero and send the digital loot to servers located at Kim Il-sung University in Pyongyang. In August last year it was reported that the Lazarus group, which has close ties to the North, had resurfaced with new malware targeting Apple Mac operating systems among others.
Image from Shutterstock