North Korean hackers have been accused of the largest cyber heists the world has ever seen – and, as sanctions on the secretive state start to bite, Pyongyang’s premier hacking group has started stealing Bitcoin, too.
The cryptocurrency is perfectly suited for dodging sanctions, despite the ferocious volatility in its value, as payments are processed in a distributed manner rather than through a central authority.
New sanctions following North Korea’s most recent nuclear test will hamper its ability to legitimately import gas and oil from China, but the nation retains the ability to generate enormous revenues through cybercrime, and has an increasing interest in doing so.
Evidence suggests that a North Korean government bureau has been conducting illicit economic activity for quite some time.
From 2015 through to 2016, a series of sophisticated cyber heists targeting the SWIFT global financial messaging service allowed a state-sponsored cybercrime collective, which researchers called the Lazarus Group, to steal millions of dollars.
Cybersecurity researchers linked the Lazarus Group to North Korea, although it is not known whether it is part of the secretive government bureau Office 39, or a group hired by Pyongyang’s elite to fill their own coffers.
New research by cybersecurity firm FireEye’s Luke McNamara describes North Korea’s increasing interest in cryptocurrencies as an asset class, with the value of Bitcoin increasing by 400% since January of this year.
Mr McNamara notes how the secretive North Korean agency known informally as Office 39 has been a critical asset of the state by generating black market revenues since at least the 1970s.
It is estimated to bring in $1bn a year through illicit activities, including counterfeiting US dollar currency, producing narcotics, and even smuggling gold.
FireEye’s research noted how escalating economic sanctions against North Korea were accompanied by an upsurge in spearphishing campaigns targeting South Korean cryptocurrency exchanges.
Targeting the exchanges rather than simply the Bitcoin itself offers the attackers an opportunity to anonymise the thefts or withdraw the digital cash for fiat currencies such as the South Korean won, US dollar or Chinese renminbi.
“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise,” said Mr McNamara.
“While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.
“Cyber criminals may no longer be the only nefarious actors in this space.”