North Korea, a pariah state widely believed to have been behind cyberattacks on financial institutions around the world in recent years, may also have tried to pilfer cryptocurrencies to get around sanctions, a prominent cybersecurity firm said.
Actors tied to the isolated nation have been involved in attacks on cryptocurrency exchanges in South Korea, FireEye said.
“Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds,” Luke McNamara, a senior cyber threat intelligence analyst at FireEye, wrote in a blog post published Monday. “The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware … linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
The claims come at a time when the communist nation’s relations with the international community – never all that warm – have been particularly frosty. On Tuesday, the UN Security Council unanimously approved new sanctions against North Korea a week after it conducted its sixth and largest nuclear test to date.
McNamara’s post did not identify the three exchanges allegedly targeted or give any indication that the theft attempts were successful. An incident in April, in which wallets at the South Korean exchange Yapizon were compromised, cannot be clearly tied to North Korean actors, he wrote.
Cryptocurrency may be an appealing way for Pyongyang to skirt international financial controls, suggested McNamara, who is based in the Washington, D.C., area.
“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi,” McNamara wrote, adding:
“As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”
The Permanent Mission to the United Nations of the Democratic People’s Republic of Korea did not immediately respond to a request for comment.
North Korea image by Shutterstock