North Korea Targets South Korean Computers to Mine Cryptocurrencies

A North Korean hacking unit seized a server belonging to a South Korean company to mine a cryptocurrency – yet another instance where Kim Jong Un’s regime is seeing finances pour in via cryptocurrencies.

A North Korean hacking unit called Andariel took control of a server belonging to a company in the south to mine 70 Monero coins, Bloomberg reported, citing Kwak Kyoung-ju, the lead of a hacking analysis team at the Financial Security Institute in South Korea. As of January 2nd, the mined coins are worth over $25,000.

“Andariel is going after anything that generates cash these days,” Kwak revealed. “Dust gathered over time builds a mountain.”

After a string of international sanctions that has seen trade bans and even oil supplies curbed, Pyongyang is increasingly looking at alternative sources of income to fund Kim Jong Un’s regime.

The hackers chose to mine Monero since it is a privacy-focused coin that is more anonymous than bitcoin, Kwak said. Monero uses a network of miners to verify its transactions, much like bitcoin. However, the cryptocurrency – by design – mixes multiple transactions to make it harder to trace the origin of the funds while adopting a “dual-key stealth” address mechanism to make its participants anonymous.

Such is the expertise of the hackers that Andariel seized control of the server and mined Monero while going undetected for over half a year.

It has to be noted that North Korean state-sponsored hackers are no longer focused on cyberespionage or stealing government secrets. Instead, their operations in 2017 have predominantly been centered on financial gains.

“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector,” said Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul. “They are primarily after information for financial ends.”

More recently, the US directly implicated North Korea in the sweeping global ransomware campaign, WannaCry. The comprehensive ransomware attack struck down hundreds of thousands of computers globally in 2017.
