North Korean hackers are targeting South Korean banks and other cryptocurrency outlets in response to the increasingly harsh international sanctions that have been levied against the Hermit Kingdom and are starting to take their toll.
The targeted cryptocurrencies, which have greatly increased in value lately, are being used by North Korea to evade sanctions since they can be cashed in for hard currencies to fund the regime.
Threat actors have been hitting South Korean cryptocurrency targets since early 2017, beginning with raids on four wallets on the Yapizon bitcoin exchange a few days before the United States announced plans to increase economic sanctions against North Korea, according to a Sept. 11 blog post.
Hackers next launched spearphishing attacks against another South Korean exchange in May, and by early June researchers witnessed more suspected North Korean activity targeting unknown victims believed to have been other cryptocurrency service providers in South Korea. Another South Korean exchange was targeted in early July using spearphishing tactics.
Threat actors targeted personal email accounts of employees at the digital currency exchanges, often using tax-themed lures, to ultimately deploy the PEACHPIT malware along with similar variants, all of which have been linked to North Korean actors suspected in the 2016 intrusions into global banks.
Researchers noted the attacks marked a departure from previously observed activity from North Korean threat actors, who often employed cyber espionage for nation-state activities, and suspect the attacks were carried out to fund the state or the personal coffers of Pyongyang's elite.
It's also worth noting that it's more advantageous to the threat actors to target the exchange itself as opposed to individual wallets, so they could potentially move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or sending them directly to other wallets.
In other news, cryptocurrency miners are on the rise and although the practice is legal, researchers suspect an increase may in part be due to mining software that is not malicious in itself but is installed unbeknownst to the user, according to a Sept. 11 Kaspersky Lab report.
Researchers noted a significant uptick in networks mining cryptocurrencies, often monero (XMR) and zcash, between 2013, when approximately 205,000 users globally were targeted by this type of threat, and 2017, when 1.65 million were targeted.
High-Tech Bridge Chief Executive Officer Ilia Kolochenko said that, statistically speaking, the number of infected users is a drop in the ocean.
“However, it clearly highlights that cybercriminals have found a new vector to monetize massive breaches of personal machines and devices,” Kolochenko said. “In the past, user machines were compromised, backdoored and sold to send spam, host illicit content, infect other machines or to be used as proxies in new attacks.”
He added that he thinks this will be a growing trend because it provides cybercriminals with a reliable way to make a profit from botnets by turning them into cryptocurrency mines that provide good anonymity by design, minimal risk, and guaranteed high profits.