North Korean hackers are increasingly stealing bitcoin in an attempt to offset international sanctions and raise funds for the government of Kim Jong-un, researchers say.
According to cybersecurity firm FireEye, at least three South Korean cryptocurrency exchanges have been targeted since May by state-sponsored actors working for Pyongyang.
The hackers are said to have sent spearphising emails containing PEACHPIT, malware previously linked to North Korea, to the personal accounts of employees at the exchanges.
A timeline presented by FireEye shows what appears to be an uptick in attacks against cryptocurrency-related entities in South Korea following the United States’ April announcement concerning economic sanctions against Pyongyang.
“While bitcoin and cryptocurrency exchanges may seem like odd targets for nation state actors interested in funding state coffers, some of the other illicit endeavors North Korea pursues further demonstrate interest in conducting financial crime on the regime’s behalf,” FireEye’s Luke McNamara writes.
FireEye also said the hackers had compromised an English-language bitcoin news site in what may have been an attempt to target its users.
Known more for standard espionage, North Korean hackers are increasingly compromising financial institutions for the sole purpose of monetary gain.
In what is believed to be its first such attack, Pyongyang successfully stole $81 million in 2016 after hacking into the central bank of Bangladesh.
“Consequently, it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise,” McNamara writes.
Cybersecurity analysts believe North Korea will likely devote more resources to obtaining digital currencies as the international community pushes back against Pyongyang’s missile and nuclear weapons programs.
The United Nations Security Council Monday approved the latest U.S.-led sanctions package against the Kim regime following North Korea’s test of a purported hydrogen bomb.
Last May, suspected North Korean hackers began targeting U.N. experts investigating potential sanctions violations by the regime.