Is North Korea Hacking Bitcoin To Evade Sanctions?

By Himanshu Goenka @HimGoJourno On 12/18/17 AT 2:17 AM

As the price of bitcoin continues to scale new heights (now over $19,000), it is also becoming increasingly attractive to hackers, and according to some security analysts’ reports, North Korea may be trying to steal the cryptocurrency. In a related development, the South Korean government announced Monday it was tracking its northern neighbor’s bitcoin-activity.

Without confirming that it had any evidence that would ascertain the North’s involvement in bitcoin hacking, a spokesman for South Korea’s Unification Ministry said the government was monitoring the North Korean trend related to bitcoin.

“We are aware that North Korea have been engaged in various activities so far to evade sanctions and earn foreign currency. … We are continuing efforts to block North Korea’s hacking attempts,” Baik Tae-hyun from the ministry said at a press briefing, South Korea’s Yonhap News Agency reported.

In the light of international sanctions that greatly restrict foreign trade, it makes logical sense for North Korea to seek the cryptocurrency route, which would allow it access to valuable foreign exchange, bypassing the sanctions. The Kim Jong Un-ruled country has made no secret of its interest in bitcoin, but has denied, on multiple occasions, having any part in hacking attacks on the cryptocurrency.

However, a hacking group supposedly linked to the isolated country is thought to be behind a string of attacks in the last few months, all aimed at gathering bitcoin. The latest such attack by the Lazarus Group was discovered by information security service SecureWorks in November. It was a spearphishing attack delivered in late October, and targeted employees of cryptocurrency trading companies with a false job advertisement.

The attack worked by prompting victims to open a Word attachment, and accepting “Enable Editing” and “Enable Content” functions, which would actually trigger a malicious code that would install a trojan on the computer. Once that is done, additional malware can be downloaded to the machine later using remote access, the security firm explained in a post Friday.

“Our inference based on previous activity is that this is the goal of the attack, particularly in light of recent reporting from other sources that North Korea has an increased focus on bitcoin and obtaining bitcoin,” Rafe Pilling, senior security researcher at SecureWorks, told ZDNet.

According to another analyst, North Korea could also be mining bitcoin, an energy-intensive process. Substantial energy resources is one of the few of the impoverished country’s strengths, one it could be making the most of by converting it into money, according to Dave Venable of Masergy.

“This is a very easy way for them to effectively export energy, in a way that is probably a lot more profitable and doesn’t involve shipping coal,” he told Bloomberg.

It is not known how much bitcoin North Korea holds, and the South Korean official was tightlipped about any information the government may hold about such an estimate, Yonhap reported.