According to a report by the US cybersecurity firm SecureWorks released on December 15, 2017, Lazarus, the North Korean hacking group, may be plotting to launch a widespread attack targeting top personalities in the cryptocurrency ecosystem. At this time, it appears as if the payload will be delivered through authentic-looking emails loaded with attachments containing malware, but that may change in the near future. In general, malware-laden emails are not rare and are typically known as phishing attempts.
SecureWorks said that it had been monitoring one such phishing attempt in October 2017 when a group of malicious emails was sent out, containing a compromised link for a job application at a London-based cryptocurrency company. If an unsuspecting user clicked on such a link, malware would be downloaded and installed on their computer, giving the hackers full control and the ability to upload a copy of their data.
SecureWorks’ Counter Threat Unit (CTU) went on to state that with the rising prices of major cryptocurrencies, it is likely that North Korean interest in them is at an all-time high and any related activities will not cease anytime soon.
Lazarus, the hacking group in question, is suspected of being responsible for several major cybercrime incidents, including the infamous 2014 Sony hack, which was rumored to be spurred by the release of “The Interview,” a film depicting North Korean leader Kim Jong-un.
Given that the average North Korean citizen has no real access to the internet, it has long been speculated that Lazarus maintains deep ties with the North Korean government. Furthermore, it may not be outlandish for them to be colluding, especially since the regime has shown a tendency to spy on other countries, among other clandestine activities.
A recent report from a South Korean spy agency also revealed North Korea’s possible involvement in several intrusions affecting cryptocurrency exchanges throughout 2017. An estimated $7 million worth of bitcoin and ether has been siphoned off as a result of these hacks. In addition, over 30,000 South Korean identities were stolen, lending further credence to the theory that North Korean hackers could be responsible.
South Korea currently accounts for a large percentage of the global cryptocurrency trading volume. At the time of writing, Bithumb, the country’s largest cryptocurrency exchange, accounts for seven to eight percent of all bitcoin trades within the past 24 hours. Compared to exchanges that offer services to Americans, such as Coinbase’s GDAX, Bithumb’s trade volume is significantly higher and almost double at times. When you combine the geographical proximity and resulting political tension between the two Korean nations, the motivation for these hacks becomes evident.
Surprisingly, North Korean involvement in bitcoin goes back several years, to as early as 2013, when IP addresses belonging to computers linked to previous cyber attacks were discovered experimenting with the cryptocurrency. A SecureWorks spokesperson stated that a more detailed, full-fledged report would be published by the company at a later date. Hopefully, we will then be able to better estimate just how much influence North Korea has over the cryptocurrency market.