- North Korea-backed hacker groups have increasingly adopted cryptocurrency-focused malicious campaigns as an effective means of generating income for the reclusive nation.
- Experts believe that the notorious North Korean hacker group Lazarus is responsible for targeted attacks against at least five cryptocurrency exchanges.
North Korea’s burgeoning cyber army appears to have specifically honed its attack skills to target cryptocurrency-related organizations. In the face of mounting and crippling international sanctions, Pyongyang’s various hacker groups have increasingly adopted cryptocurrency-focused malicious campaigns as an effective means of generating income for the reclusive nation.
Security experts at Group-IB believe that the notorious North Korean hacker group Lazarus is responsible for targeted attacks against at least five cryptocurrency exchanges. Since 2017, Lazarus has successfully launched attacks against cryptocurrency exchanges such as Yapizon, Coinis, YouBit, Coincheck, and Bithumb, stealing a total of around $571 million, Group-IB researchers said in a report.
Pyongyang operational security
According to security researchers at Recorded Future, even as Pyongyang’s ruling elite become better at operational security, the impoverished nation’s hackers began mounting a specialized cryptocurrency scam by creating a completely functional scam digital coin called Marine Chain.
“We came across discussions of Marine Chain as a cryptocurrency in a couple of Bitcoin forums in August 2018. Marine Chain was supposedly an asset-backed cryptocurrency that enabled the tokenization of maritime vessels for multiple users and owners,” Recorded Future researchers wrote in a report. “The Marine Chain website no longer resolves but was operated by a company called Marine Chain Platform. Aside from a LinkedIn page, the company had minimal online presence, no customer testimonials, and few staff.”
Internet as a tool
The researchers also discovered that Marine Chain’s website was hosted on four different IP addresses, which, in turn, hosted various other cryptocurrency scams between 2017 and 2018. The researchers believe that anyone who invested in Marine Chain suffered losses.
Marine Chain was also linked to several North Korean citizens who launched a cryptocurrency earlier this year. This digital coin has since been rebranded four times: Interstellar, Stellar, HOLD, and HUZU. However, this cryptocurrency was later shut down, with the individuals behind the scam making away with all the funds invested by users.
According to the Recorded Future researchers, Pyongyang’s ruling elite has refined the use of the Internet as a tool to generate funds for the impoverished nation.
“It is this marrying of the physical and virtual that enables North Korea’s success and confounds international regulators and enforcers,” the researchers added. “It may never be possible to assign an exact dollar figure to the value North Korea derives from the internet, but its significance cannot be underestimated.”