FireEye’s report suggested that North Korean hackers are attempting to breach South Korean cryptocurrency exchanges and steal user funds in Bitcoin and Ethereum.
FireEye researchers claimed that, since May 2017, North Korean hackers have been consistently targeting South Korean exchanges like Yapizon, which underwent major security breaches.
The FireEye report read:
“Add to that the ties between North Korean operators and a watering hole compromise of a Bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which Bitcoin alone has increased over 400 percent since the beginning of this year.”
“Spearphishing” the largest Bitcoin exchanges in South Korea
The research firm further emphasized that a method called “spearphishing” has been used against some of the largest Bitcoin exchanges in South Korea.
FireEye claimed that, by targeting users with tax-related phishing attacks and deploying malware such as PEACHPIT, North Korean hackers were able to gain access to the accounts of many South Korean Bitcoin and Ethereum users.
The report added:
“The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
Throughout its report, researchers and analysts at FireEye state that the start of hacking attacks against South Korean cryptocurrency trading platforms coincided with the enforcement of increased economic sanctions against North Korea by the US and the international community.
The report revealed that the first spearphishing attacks against South Korean trading platforms began in early May, targeting a single exchange.
In late May, a second Bitcoin exchange was reportedly breached by North Korean hackers, compromising user funds.
In early July, FireEye researchers claimed that a third major South Korean exchange was targeted, with a method that directly allowed North Korean hackers to threaten personal accounts through spearphishing.