North Korean Hackers Move Onto Attacking Individuals After Exchanges Boost Security

The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29.

Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks.

As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from its previous methods.” As Cointelegraph reported this October, North Korea allegedly backed two cryptocurrency scams this year, and hacks funded by the country reportedly comprise 65% of all cryptocurrency stolen to date.

Simon Choi, founder of cyber warfare research company IssueMakersLab, attributes the shift towards attacking individuals to cybersecurity enhancements by exchanges and financial institutions:

“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”

Choi also said that most targets have been wealthy South Koreans since “they believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”

According to Luke McNamara, an analyst at cybersecurity company FireEye, “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges.”

McNamara explained that “when they understand and know the targets” then “they are able to craft lures specific to those organisations or entities.” He added that this makes them “effective at what they are doing.”

As Cointelegraph reported, Kaspersky Labs claims that North Korean hacker collective Lazarus Group used the “first” macOS malware to hack a crypto exchange. Experts have also argued that North Korea increasingly uses cryptocurrencies to avoid U.S. sanctions.
