North Korea has long been an active hacking force, with names such as the “Lazarus Group” well known in cyber security circles. We have previously covered attempts by North Korean hackers to infiltrate South Korean exchanges through security vulnerabilities.
It seems they have now turned to one of the most rudimentary yet effective methods of gaining access: the staff themselves, via phishing emails that try to trick employees into handing over their exchange login details.
North Korean hacking prowess is well documented. The regime has been blamed for a number of high-profile attacks, from the WannaCry malware outbreak to the Bangladesh Bank heist that saw $81m sent out of the bank through fraudulent SWIFT transfers.
However, one of the most lucrative and easiest targets for the North Koreans lies just south of the border in South Korea. Bitcoin exchanges are like large bank vaults for hackers: if they can breach the systems, they can make off with highly valuable and relatively hard-to-trace cryptocurrency.
Although these exchanges may have the most advanced security controls in place, very little technology can do to guard against a staff member who falls for a phishing email and hands over valid credentials. This is probably why the hackers have resorted to such a low-tech attack vector to get into the exchanges.
Tracking the Hacks
This is something the South Koreans are no doubt acutely aware of, which is why a number of entities have been focusing on the activity of malicious outside hacking groups. One such agency is the National Police Agency (NPA).
The NPA has kept track of attempts by these groups to break into the exchanges via phishing emails. For example, it has reported that at least 25 employees at one South Korean exchange received emails sent from North Korean IP addresses.
In one such case, the hackers were able to make off with at least $5m in Bitcoin and a number of other cryptocurrencies. What this shows is that it is incumbent on the exchanges to train their staff to spot phishing emails and not respond to them, and to treat credential-harvesting mail as a security incident rather than a nuisance.
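The NPA report above describes mail being traced back to the sending IP addresses. As an added example (not code from the article, the NPA or any exchange), the script below shows the first triage step a mail security team would run on a suspicious message: walk the `Received:` headers written by the exchange's own relays to find the IP the message actually entered from, check it against an intelligence watchlist, and flag messages whose `From:` claims the exchange's own domain even though they arrived from outside. The watchlist ranges are RFC 5737 documentation addresses standing in for whatever an investigator actually attributes to an attacker; they are not real North Korean ranges. The domain `exchange.example`, the relay ranges and the three sample messages are all constructed for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed watchlist: RFC 5737 documentation ranges standing in for the
# attacker-attributed ranges an investigator would really load here.
WATCHLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed: the exchange's own mail relays. Only Received: lines written by
# these hosts are trusted; anything the sender prepended may be forged.
INTERNAL_RELAYS = [ipaddress.ip_network("10.0.0.0/8")]

OWN_DOMAIN = "exchange.example"  # assumed domain of the exchange (constructed)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def originating_ip(raw_message):
    """Return the first non-relay IP found walking Received: headers top-down.

    Received: headers are prepended by each hop, so the topmost ones were written
    by our own relays. The first address that is not one of our relays is the
    peer that handed the message to us, which is the most reliable attribution
    point available; headers further down were written by the sender.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for m in IP_RE.finditer(header):
            ip = ipaddress.ip_address(m.group(1))
            if not any(ip in net for net in INTERNAL_RELAYS):
                return ip
    return None  # purely internal mail, or no usable Received: headers


def classify(raw_message):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    reasons = []
    ip = originating_ip(raw_message)
    if ip is not None and any(ip in net for net in WATCHLIST):
        reasons.append(f"originating IP {ip} is on the watchlist")
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # A message claiming to come from our own domain should never enter
    # from an external peer; that is the classic spoofed-helpdesk lure.
    if from_domain == OWN_DOMAIN and ip is not None:
        reasons.append(f"From: claims {OWN_DOMAIN} but message entered from external IP {ip}")
    return ("flag" if reasons else "clear", reasons)


# Constructed sample messages (not real mail).
SAMPLE_FLAGGED = """\
Received: from mail.sender.example ([203.0.113.7]) by mx.exchange.example ([10.0.0.5])
Received: from [192.168.1.10] by mail.sender.example
From: "IT Helpdesk" <helpdesk@exchange.example>
To: trader@exchange.example
Subject: Action required: confirm your account

Please re-enter your login details at the link below.
"""

SAMPLE_CLEAR = """\
Received: from news.vendor.example ([192.0.2.44]) by mx.exchange.example ([10.0.0.5])
From: newsletter@vendor.example
To: trader@exchange.example
Subject: Monthly market update

Nothing to see here.
"""

SAMPLE_INTERNAL = """\
Received: from smtp-int.exchange.example ([10.0.0.7]) by mx.exchange.example ([10.0.0.5])
From: ops@exchange.example
To: trader@exchange.example
Subject: Maintenance window

Internal notice.
"""

if __name__ == "__main__":
    for name, raw in (("flagged", SAMPLE_FLAGGED), ("clear", SAMPLE_CLEAR), ("internal", SAMPLE_INTERNAL)):
        verdict, reasons = classify(raw)
        print(name, verdict, reasons)
```

Two caveats a practitioner will already know: an IP match only tells you where the message entered your network, not who sent it (attackers routinely relay through third-party hosts), and the domain check above is only meaningful if the exchange also publishes SPF and DMARC records so that spoofed `From:` addresses are rejected at the gateway rather than merely flagged afterwards.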
Likely to Continue
North Korean attacks on Bitcoin exchanges are only likely to increase, for two main reasons. First, the North Korean regime is increasingly starved of cash: as more sanctions are put in place, its need for external funds grows.
Secondly, as the price of cryptocurrencies advances to record highs, so too do the returns a rogue regime can get from hacking exchanges. According to the cybersecurity firm FireEye, the hacking is used…
…as a means of evading sanctions and obtaining hard [safe haven] currencies to fund the regime
This also highlights the inherent risk of keeping funds on an exchange. For users not familiar with the pain of the Mt. Gox hack: when an exchange holds your private keys, the exchange holds all of your funds, and a breach of the exchange is a breach of you.
With hackers about, keep your funds in a hardware wallet you control rather than on an exchange, and stay alert to phishing scams: a hardware wallet protects you from an exchange being compromised, not from handing your own credentials or seed phrase to a convincing fake.