North Korea has again been subject to accusations from its southern neighbour regarding a series of hacks executed throughout 2017 that netted cryptocurrency valued at the equivalent of tens of billions of won, according to Chosun. Additionally, South Korea claimed that its domestic exchanges are still having to repel attempted cyberattacks from the rogue state led by Kim Jong-un.
Indeed, on Monday, Kim Byung-kee, the former head of the National Intelligence Service (NIS) and current member of the National Assembly’s Intelligence Committee, revealed that:
North Korea sent emails that could hack into cryptocurrency exchanges and their customers’ private information and stole (cryptocurrency) worth billions of won.”
For context, won (₩) is the currency of South Korea. ₩1 billion is equivalent to $910,000 (USD).
Monday’s comments from Byung-kee came as the NIS briefed the Intelligence Committee on last year’s cyberattack activity.
Notably, the NIS revealed that they weren’t the only one to fall victim to North Korean hackers; sharing their belief that their neighbour was also responsible for last month’s exfiltration of roughly 500 million NEM tokens from Coincheck – one of Japan’s largest crypto exchanges. The heist supplanted the infamous Mt. Gox incident en route to becoming “the biggest theft in the history of the world,” according to the President of the NEM.io Foundation, Lon Wong.
The technique of hacking that Byung-kee described constitutes a phishing attack. These often come in the form of an email disguised as an official, trustworthy entity, such as a bank.
Phishing emails typically make use of a malicious link pointed to the phisher’s webpage. Alternatively, they will include attached documents that are laced with malware designed for theft of sensitive information, account compromise, or surveillance.
A type of phishing technique, called spear phishing, has been proven to be a popular choice of North Korean hackers. This is how Youbit, the now-bankrupt exchange, became compromised twice last year; once as Yapizon in April, and again in December after rebranding.
Suspicions have intensified in recent times over the possibility that the North Korean government is administering these cyberattacks in an effort to accumulate Bitcoin and other cryptocurrencies. The incentive is certainly there, for they could then circumvent punitive trade sanctions and continue to fund their military arsenal.
The exchange-related news out of South Korea didn’t stop today, with Coinpia announcing that trading and deposits have been suspended. The exchange was recently punished, incurring a fine from the Korea Communications Commission.
Image From Shutterstock
