A new report by security research firm FireEye suggests that North Korea is using state-sponsored hackers to steal Bitcoin to circumvent sanctions and fund the regime.
According to the report, the state-sponsored hackers attacked three South Korean cryptocurrency exchanges since May 2017 to steal funds. They targeted personal email accounts of employees at digital currency exchanges, frequently used tax-themed lures and deployed malware.
By compromising a Bitcoin exchange, hackers can manage to move cryptocurrencies out of online wallets, swap them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi, according to the security firm.
“With North Korea’s tight control of its military and intelligence capabilities, it is likely that this activity was carried out to fund the state or personal coffers of Pyongyang’s elite, as international sanctions have constricted the Hermit Kingdom,” FireEye said in a statement.
According to a report in Forbes, North Korea has built “an army of hackers” to target South Korea, which is the “hectic trading hub for the cryptocurrency.” The report noted that “the massive popularity of the cryptocurrency gained Kim Jong-un’s attention” and this represents a great opportunity for crypto traders.
In addition to targeting Bitcoin and cryptocurrency exchanges, the North Korean hackers also involved in other financial crimes to fund state coffers, according to FireEye.
“North Korea’s Office 39 is involved in activities such as gold smuggling, counterfeiting foreign currency, and even operating restaurants. Besides a focus on the global banking system and cryptocurrency exchanges, a recent report by a South Korean institute noted involvement by North Korean actors in targeting ATMs with malware, likely actors at the very least supporting similar ends,” the security research firm said.