North Korea is like a land-locked country in the sense that its diplomatic and economic relations with other countries are very limited. By limited, I mean that they extend to just a few selected countries, such as China and Russia. For a country with such limited resources and such restricted access to the rest of the world, the high volume of virtual currency trade in North Korea is surprising, and it is beyond doubt a phenomenon that must be explored.
Back in 2016, there were cases all over the world where investors lost a lot of money in fraudulent virtual currency schemes that were located in North Korea. It was alleged that the hackers behind these schemes had government backing to conduct malpractices that disrupted the world's financial system. It was discovered that all the illicit economic activities were managed in North Korea with the aim of utilizing the money in Pyongyang. After all, it is impossible to run an isolated state with no economic activity and no social ties for support.
Now, we are seeing a new trend of stealing bitcoins and other virtual currencies from stock trading platforms with the aim of sustaining development in North Korea at the expense of other people's investments of hard-earned money. Since the beginning of this year, North Korea has attacked 3 different locations in South Korea with the aim of stealing their virtual currency, which was worth millions of dollars. The hackers in North Korea target bankers, investors, and people in white-collar jobs with offers that are bogus but alluring to investors because of their immensely high returns.
2017 North Korean Activity Against South Korean Cryptocurrency Targets
- April 22 – Four wallets on Yapizon, a South Korean cryptocurrency exchange, are compromised. (It is worth noting that at least some of the tactics, techniques, and procedures reportedly employed during this compromise were different from those we have observed in the following intrusion attempts, and as of yet there are no clear indications of North Korean involvement.)
- April 26 – The United States of America announces a strategy of imposing more economic sanctions against North Korea. Sanctions from the international community could be compelling North Korea towards cryptocurrency.
- Early May – Spearphishing against South Korean Exchange #1 begins.
- Late May – South Korean Exchange #2 compromised via spearphish.
- Early June – More suspected North Korean activity targeting unknown victims, believed to be cryptocurrency service providers in South Korea.
- Early July – South Korean Exchange #3 targeted via spearphishing to a personal account.