North Korea wants your cryptocurrency
Exchanges are getting too tough to hit these days, so North Korea is moving on to targeting individuals.
North Korea is moving from trying to attack cryptocurrency exchanges to targeting individual holders, the South China Morning Post (SCMP) reports, citing analysis from cybersecurity firm Cuvepia.
"They are just simple wallet users investing in cryptocurrency," said Cuvepia CEO Kwon Seok-chul of the new victims, to the SCMP. Cuvepia has identified 30 cases of North Korea targeting individuals since April, but Kwon notes that the real number is likely to be much higher.
"When cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies," he said.
Sincerely, North Korea
The attacks are taking the form of email phishing attempts that rely on getting users to open infected text attachments accompanying the emails. It's the kind of attack that almost certainly wouldn't get anyone into a tightly secured cryptocurrency exchange these days.
"Previously, hackers directly attacked exchanges," explained Simon Choi, the founder of the cyber warfare research group IssueMakersLab, to SCMP. "They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly."
"They've already had successes and are continuing to progress, but during that time, the exchanges have become used to the attacks and boosted their security somewhat," he said. "Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security."
Exchanges are ideal targets and North Korea has proven to be the world's most successful exchange attacker to date, says Russian security firm Group-IB, with the country's "Lazarus" hacker group being suspected of some of the highest-profile heists in the crypto world.
Group-IB says North Korea was behind attacks including the $30 million Bithumb hack in June, and the record-shattering half-billion-dollar CoinCheck heist at the start of the year.
But with exchanges tightening their security, wealthy individuals who are known to have vulnerable crypto holdings might be the next best thing.
"They believe that if they target CEOs of wealthy firms and heads of organisations, more so than ordinary people, they can take advantage of billions of won in virtual currencies," Choi said.
Luke McNamara, an analyst at the FireEye cybersecurity firm, suggested to the SCMP that the North Korean hackers were able to get information on their targets from previous forays into exchanges. Some of this information might be details that let them craft a compelling message to the victim, but some of the most important might be that the target has vulnerable crypto funds somewhere on a hot wallet or an exchange without hardware wallet protection.
Elsewhere, SIM swapping is still proving to be a major problem, one that especially targets those who are known to have sizable holdings on exchanges, although it's not clear whether North Korea is also getting into these.
However, what it has also been getting into is good old-fashioned exit scams. As previously reported by Asia Times, it's likely that North Korea has been creating its own coins, launching its own ICOs and pulling off its own exit scams.
With the crippling sanctions laid on North Korea being, well, crippling, the hermit kingdom can always use more money and it seems to be pulling out all the stops to take advantage of cryptocurrency. This might even extend as far as state-sponsored 51% attacks, Group-IB suggested, with mining pools being potentially vulnerable entry points.