FireEye Report Confirms North Korean Hackers Continue to Target Bitcoin Exchanges

There are some interesting developments taking place in North Korea right now. It appears state-sponsored hackers are actively targeting South Korean cryptocurrency exchanges these days. It may lead to additional hacks affecting such platforms moving forward. After all, there have been multiple incidents affecting South Korean exchanges throughout 2017.

North Korean Hackers Target Bitcoin Exchanges

According to a new report by FireEye, North Korean hackers have found a new prominent target to successfully annoy their South Korean counterparts. By executing these hacks, they are effectively causing financial damages to South Korean companies. Such behavior should not be allowed by any means, but it remains unclear how issues like these can be prevented in the future. After all, the hackers target South Korean Bitcoin exchanges and they have successfully caused a lot of damage.

These incidents became apparent in 2016. At that time, the FireEye team started tracking a group of hackers who were assumed to be of North Korean origin. The intrusion capabilities used by these hackers mainly revolve around cybercrime efforts involving banks and other entities in the financial system. In the past, North Korean hackers were mainly known for their cyber espionage efforts which are to be believed state-sponsored.

With this renewed focus on the financial sector, it was only a matter of time until the North Korean hackers started exploiting cryptocurrency exchanges used by South Korean citizens. So far, there have been over half a dozen recorded incidents affecting exchanges thanks to North Korean hackers. There are still state-sponsored actors who are looking to steal bitcoins and other virtual currencies to evade sanctions and come up with new ways to fund North Korea’s regime at the same time.

There have been a few recent incidents which are facilitated through spearphishing campaigns. This method involves sending bogus emails to South Korean exchange customers as a way to obtain their line credentials to drain account balances. At least three exchanges have been targeted by these attacks since May of 2017, which goes to show the state-sponsored actors are stepping up their game.

FireEye lists some of the incidents involved North Korean hackers. The Yapizon exchange compromise in April of this year, for example, is a direct result of North Korean hacker activity. There is also evidence of actions against two other unnamed exchanges, but Coinone and Bithumb are two names that come to mind. In fact, Bithumb suffered a big hack earlier this year. It is possible that specific incident involves North Korean hackers as well, but this has not been confirmed by the security firm.

All of this goes to show the war between North Korea and South Korea is beginning to include Bitcoin and cryptocurrencies. With these currencies largely unregulated by both nations, there are no official repercussions for stealing customer funds. It also provides the state-sponsored hackers with a powerful financial tool to fund future operations. It will be interesting to see how this situation unfolds over the coming months and years.