North Korean hackers with the backing of Pyongyang are targeting cryptocurrency exchange platforms as part of efforts to raise funding for the country’s nuclear weapons program. Wired reports that several international cybersecurity experts believe a hacking syndicate based in the country is also responsible for attacks against banks across the globe.
North Korean Hacking Syndicates Target South Korean Platforms
Numerous cybersecurity experts believe that the infamous Lazarus group, a state-sponsored hacking syndicate based in North Korea, is responsible for many high-profile cryptocurrency exchange hacks.
Back in October 2018, BTCManager reported that the group was responsible for up to $571 million in cryptocurrency exchange hacks. Now, experts believe that within the Lazarus hacking group is an elite team of cybercriminals called APT 38 and that this team is responsible for most of the cyberattacks coming out of Pyongyang.
Data available to researchers shows that platforms in South Korea have been the focus of most of the group’s attacks. According to South Korean intelligence, hackers allegedly affiliated with North Korea were responsible for the Bithumb hack of 2018.
South Korean authorities also believe that North Korean hackers orchestrated the $530 million Coincheck hack of January 2018.
For North Korea, cryptocurrency appears to be a readily available means by which the country can circumvent U.S.-led sanctions. The consensus among security experts is that Pyongyang is actively exploiting weaknesses in the emerging digital landscape, from cryptojacking to cryptocurrency malware attacks.
According to the United Nations (UN), APT 38 and the entire North Korean state-sponsored hacking apparatus are increasingly targeting financial institutions around the world. In a report published by the UN Security Council earlier in March 2019, the Council accused Pyongyang of attempting to evade international sanctions by engaging in widespread cyber espionage, hacking and scamming its way to access funds.
Commenting on the threat level posed by APT 38, Ben Read of cybersecurity firm FireEye said:
“I think it is probably the most advanced of the North Korean groups. They’ve been able to compromise a lot of banks and move a lot of money outside their walls. If they do it well, it just sort of disappears.”
Alleged Links Between Hackers and Nuclear Program
So, why would a government sponsor and support hackers to carry out such crimes?
Turns out, the proceeds from the activities of APT 38 are continuously funneled into the country’s nuclear missile program. An anonymous source within the European security establishment quoted by Wired declared:
“Security analysts are unanimous in assessing that the funds stolen by APT 38 – a significant percentage of North Korean GDP – are channeled into the DPRK’s missile and nuclear development programs.”
An article by The New York Times in March 2019 reported that North Korea had resumed its missile building activities. It appears Pyongyang’s state-sponsored cryptocurrency hacking scheme is indeed yielding dividends.