Hackers linked to North Korea are ramping up attempts to steal bitcoin in order to bring in money for Kim Jong Un’s regime, a top cybersecurity firm says.
Bitcoin and other forms of virtual money — known as cryptocurrencies — appeal to North Korea as the U.S. pursues international sanctions aimed at further isolating the country, according to a new report from FireEye.
“Sanctions against North Korea are likely to fuel their cybercrime activity,” said Bryce Boland, Singapore-based chief technology officer with FireEye. “Attacks on cryptocurrency exchanges can be a great vehicle to obtain what is ultimately hard currency.”
It’s just the latest example of the illicit ways North Korea allegedly brings in money as it endures wave after wave of increasingly tough international sanctions over its rapidly advancing nuclear weapons program.
FireEye says it has identified three attacks against South Korean cryptocurrency exchanges that took place between May and July, all of them linked to North Korean hackers. The spike in activity began soon after the U.S. said it planned to ratchet up sanctions against North Korea.
With fresh U.N. sanctions and bitcoin’s skyrocketing value, “the potential windfall from these attacks has risen accordingly,” Boland said.
A single bitcoin is currently worth more than $4,300, up from less then $1,000 at the start of the year.
FireEye identified the North Korean group behind the bitcoin attacks as TEMP.Hermit. Other security firms have linked the group to past high-profile cyberattacks, including the hacking of Sony Pictures in 2014.
Hackers tied to North Korea are also suspected of carrying out a series of attacks on global banks that came to light last year. They included a cyberheist on Bangladesh’s central bank in which tens of millions of dollars were stolen.
The North Korean government has repeatedly denied involvement in international cyberattacks.
Intelligence agencies and cybersecurity experts have also linked North Korea to WannaCry, the biggest cyberattack the world has ever seen. The WannaCry virus initially demanded victims pay a ransom in bitcoin, yielding more than $140,000.
Bitcoin and other cryptocurrencies are often held in accounts at online exchanges. But FireEye points out that hackers can swap them into other, more anonymous cryptocurrencies — or move them elsewhere and eventually withdraw them in traditional currencies like South Korean won or U.S. dollars.
North Korean hackers have previously targeted South Korean cryptocurrency exchanges, stealing bitcoin worth $88,000 (at the time) between 2013 and 2015, according to Yonhap News, which cited South Korean cybersecurity firm Hauri.