29.03.2024

North Korean Hackers Ramp Up Malware Attacks Against Bitcoin Exchange Staff

The blame for such intrusions is being directed firmly at North Korea, where many of the attacks are believed to originate. Malware targeted against cryptocurrency users is becoming increasingly prevalent, a new report shows. Attacks are also getting more sophisticated, with enterprising hackers less focused on cryptocurrency holders and more intent on directing their firepower at bitcoin exchanges.

It Came From The North

New statistics released by the Korea Internet Security Agency (KISA) have identified over 5,000 instances of ransomware damage between January and September of this year. This was a 3.7x increase on the same period last year, and was accompanied by a spate of malicious code injections. While much of this malware was ransomware-based, 44 attacks were specifically designed to steal personal information from the targets.

Cryptocurrency holders must constantly remain vigilant against malware attacks, but for exchange staffers, overseeing millions of dollars of digital assets, this requirement exponentially heightens. In July, it emerged that hackers had been trying to infiltrate South Korean exchanges and with some success. Malware injections were directed against exchange employees who didn’t have to look far to find the source of the attacks.

Something Phishy

North Korea is a nation which doesn’t excel on many fronts, but its hacking prowess is a matter of national pride and international hand-wringing. It’s become fashionable to blame the North Koreans for all manner of internet mischief, from the Sony pictures hack to distributing ransomware across the web. It was inevitable that North Korea would be accused of trying to infiltrate its southern neighbor’s bitcoin exchanges, and the evidence is compelling.

The Yonhap News Agency reported a KISA official as saying:

Hackers are boldly spreading malicious code not only to hunt for bitcoins but to directly attack internet sites. Such attacks are likely to continue.

Cybersecurity firm Fire Eye previously revealed further details of the summertime assault on South Korean exchanges, asserting that the attempted theft of bitcoin was to fill “the personal coffers of Pyongyang’s elite” and intended “as a means of evading sanctions and obtaining hard safe haven currencies to fund the regime”.

Thankfully for South Korea’s exchanges, the country seems to have no shortage of entities tasked with safeguarding key cyber infrastructure. In recent weeks, both the National Police Agency (NPA) and Cyber Warfare Intelligence Center of South Korea have warned of further incursions by North Korean hackers. Email phishing attempts are a favored attack vector, and it’s one that’s borne fruit on a number of occasions.

The NPA reported that 25 employees from four South Korean exchanges have been targeted from a North Korean IP address, with the Yapizon exchange surrendering $5 million of funds, including bitcoin, following a successful breach. For political and financial reasons, South Korean cryptocurrency exchanges are an alluring target for North Korean hackers. As the value of the cryptocurrency markets continues to rise, officials have warned exchange staffers to remain on high alert.

Leave a Reply

Your email address will not be published. Required fields are marked *