According to South Korean cyber crime analysts at Financial Security Group, a hacking ring known as Andariel have been seizing control of computers to mine cryptocurrencies. It’s believed that they’re operating from within North Korea and that sanctions against Kim Jong Un’s regime are causing the hackers to experiment with such unorthodox tactics.
During the summer of 2017, Andariel are thought to have secretly taken over a server at a South Korean company. Since then, the server has been used to mine around 70 Monero. At the time of writing, the market price for the haul is just over $26,000. Kwak Kyoung-ju of Financial Security Group told Bloomberg how international sanctions had forced North Korea to get creative with its attacks:
“Andariel is going after anything that generates cash these days… Dust gathered over time builds a mountain.”
It’s thought that hackers from North Korea are favouring privacy-focused coins like Monero because they offer much greater anonymity than Bitcoin does. This makes it easier for those transacting in them to remain undetected by law enforcement. Monero uses a different address format and mixes transaction inputs. These measures make it nearly impossible to trace the origin of funds.
The year 2017 has seen the perpetrators of North Korea’s cyber attacks shift their targets from states to private entities. The chief analyst at South Korea’s Internet Security Centre in Seoul, Lee Dong-geun, recently told a discussion forum about the changes to their northern counterpart’s tactics:
“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector… They are primarily after information for financial ends.”
The server compromise is the latest reported case of North Korean cyber criminals turning to cryptocurrency as a funding source. Already in 2017, multiple Bitcoin exchanges are thought to have had their security compromised by groups like Andariel. YouBit were forced to declare bankruptcy in December following a hack that left them unable to continue doing business. The WannaCry ransomware attack of May has also been attributed to North Korean hackers. It’s estimated that some 300,000 computers were affected by the software, which froze systems until a payment of Bitcoin was made to unlock them again.
It’s thought that this focus on hard cash will increase as international sanctions tighten their hold on the North Korean government. The UN is currently stepping up its efforts to stifle the nation’s attempts to fund its nuclear weapons facilities. The internet security think-tank FireEye said the following to the Independent:
“With North Korea’s tight control of its military and intelligence capabilities, it is likely that this activity was carried out to fund the state or personal coffers of Pyongyang’s elite, as international sanctions have constricted the Hermit Kingdom.”