After reports of North Koreans using Bitcoin to evade sanctions and hackers involved in stealing half a billion dollars in cryptos from exchanges emerged, now experts say, they are targeting individual investors.
Watch Out for North Korean Hackers
A number of experts have previously shared that North Korea continues to use bitcoin to evade US sanctions. Just last month a report by Russian cybersecurity company Group IB stated that Lazarus, an infamous hacking group of North Korea stole about half a billion dollars in cryptocurrencies.
This group reportedly was also behind the 14 hacks on cryptocurrency exchanges since January 2017. Previously, the hackers tend to target exchanges and financial institutions but this time it’s individual investors.
Simon Choie, a senior researcher at Seoul-based Hauri, an anti-virus software firm said,
“Previously, hackers directly attacked exchanges. They targeted staff at the exchanges, but now they are attacking cryptocurrency users directly.”
This shift could be due to the strengthening of security by exchanges and financial institutions as he shares,
“They’ve already had successes and are continuing to progress, but during that time, the exchanges have become used to the attacks and boosted their security somewhat. Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”
South China Morning Post quoted Choie as saying,
“With the US, the UN and others imposing sanctions on the North Korean economy, North Korea is in a difficult position economically, and cryptography has come to be seen as a good opportunity.”
About 30 such cases of hacking that could be over 100 as well due to being undetected have already been discovered by a South Korean cybersecurity firm called Cuvepia whose CEO Kwon Seok-Chul explains,
“They are just simple wallet users investing in cryptocurrency. In fact, when cryptocurrencies are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into cryptocurrencies.”
The recent victims of North Korean hackers have been CEOs and other wealthy South Koreans according to Choi,
“They believe that if they target CEOs of wealthy firms and heads of organisations, more so than ordinary people, they can take advantage of billions of won in virtual currencies.”
It is possible that hackers could have been able to extract information related to email addresses and usernames from their previous attacks in order to target individual crypto users according to Luke McNamara, an analyst at FireEye, a California-based cybersecurity firm.
McNamara further says, “When they understand and know the targets, when they are able to craft lures specific to those organisations or entities that they are going after – to me, that says they are effective at what they are doing.”