North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions.
A hacking unit called Andariel seized a server at a South Korean company last summer and used it to mine about 70 Monero coins — worth about $25,000 as of Dec. 29 — according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute.
The case underscores the increasing appetite from cyberattackers for digital currencies that are becoming a source of income for the Kim Jong Un regime. North Korea is accelerating its pursuit of cash abroad as the world tightens its stranglehold on its conventional sources of money with sanctions cutting oil supplies and other trade bans.
“Andariel is going after anything that generates cash these days,” said Kwak. “Dust gathered over time builds a mountain.”
The hackers may have seized other computers to mine cryptocurrencies and appear to prefer Monero because the currency is more focused on privacy and easier to hide and launder than bitcoin, Kwak said, citing the analysis of the server. Andariel was able to take control of the server undetected by its operator, he said.
A cryptocurrency can be earned if a complex mathematical problem is solved, but it requires high-powered computers that often only corporations can afford. Not every company spends as much on protecting their computers from hackers. Yapian, the owner of bitcoin exchange Youbit, said in December it would close after getting breached.
Like bitcoin, Monero uses a network of miners to verify its trades. But it mixes multiple transactions to make it harder to trace the origin of funds, and adopts “dual-key stealth” addresses that make it difficult to pinpoint recipients.
South Korean investigators are looking at North Korea among their suspects. The country’s hackers are increasing attacks on cryptocurrency exchanges in Seoul, security researcher FireEye Inc. said in September.
The U.S. has also blamed North Korea recently for the WannaCry ransomware attack that affected hundreds of thousands of computers globally in 2017. Hackers demanded bitcoin in exchange for unlocking the files they had coded with malware. North Korea denies any role in cybercrimes.
The majority of attacks from North Korean hackers in the past year have focused on financial gain rather than government secrets, according to researchers dealing with them. The shift of focus may accelerate this year as the UN is stepping up its efforts to cut the flow of funds used by the regime to fuel its nuclear arms development.
“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector,” Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul, said at a forum. “They are primarily after information for financial ends.”