North Korea Linked to 'Vast' & 'Illicit' Network Raising Funds Using Cryptocurrencies, Cybersecurity Researchers Report

  • North Korean leadership appears to be using advanced internet tools and is more tech savvy than expected, cybersecurity firm Insikt Group reported. 
  • Insikt added that North Korean entities linked to "enablers" in Singapore may be responsible for orchestrating large-scale crypto and blockchain-related scams.

Insikt Group, a cybersecurity research organization, recently published a blog post that reveals important details regarding the “internet activity” of North Korea’s government - which includes a cryptocurrency scam referred to as “Marine Chain.”

Insikt’s investigation has reportedly been carried out by examining third-party data sources, “IP geolocation”, and other advanced online surveillance tools. 

"Key Judgements" From Insikt Group

“Key judgements” made by the security firm include:

  • “Pattern-of-life” in North Korea, as analyzed through Insikt’s surveillance, indicates the internet is “probably becoming a more regular professional tool” for the nation’s “senior leadership.”
  • Professional networking platform, LinkedIn, is still being used by North Korean leaders, however, the “migration away from Western social media and services we observed in early 2018 has persisted.”
  • It is now more difficult now to track activities of country’s senior leaders due to increased global availablility and accessibility of advanced “internet infrastructure” services.
  • China, Thailand, Indonesia, India, Bangladesh, Nepal, Kenya, Mozambique are “likely hosting North Korean workers who are employed in the service or information economy”,
  • Proliferation of an “asset-backed cryptocurrency scam” known as “Marine Chain” believed to be operated by North Korean “enablers” located in Singapore.
  • Other possible crypto scams linked to North Korea were those involving “InterStellar, Stellar, HOLD, HUZU.”

Insikt’s 22-page cyber threat analysis report confirmed earlier findings that North Korean leaders were mining bitcoin (BTC) and monero (XMR) “at a very small scale.” The online security firm also discovered other crypto-related activities of a more serious nature, or potentially more harmful, in June of 2018.

Potential "HOLD Coin" Scam

As mentioned, one such potential scam involves:

[HOLD coin which was] listed and delisted on a series of exchanges, underwent a rebranding, changed its name to HUZU, and as of this publication, has left its investors high and dry.

Insikt Group Report

However, Insikt’s report only “assesses with low confidence” that individuals and organizations in North Korea were actually involved in these scams. The cybersecurity company also noted that it had “discovered at least one other” blockchain-related “scam” which it reports with “high confidence was conducted on behalf of North Korea.”

According to Insikt, the blockchain scam was carried out through the “Marine Chain platform.” Dating back to August of 2018, the security firm wrote that it “came across discussions” involving Marine Chain on various Bitcoin forums.

As described on these forums, “Marine Chain was supposedly an asset-backed cryptocurrency that enabled the tokenization of maritime vessels for multiple users and owners.”

"Vast" And "Illict" Network Uses Crypto To Raise Funds For North Korea

However, websites linked with Marine Chain were found to be also associated previously with a "fraudulent binary options trading company called Binary Tilt”, Insikt’s report noted.

One of the main people identified in the Marine Chain scam is Capt. Foong, a crypto scammer who may have links to Singaporean firms that are believed to have helped North Korean authorities bypass US-led political and economic sanctions.

Insikt’s findings indicate Foong’s “connections to Marine Chain Platform mark the first time this vast and illicit network has utilized cryptocurrencies or blockchain technology to raise funds for the Kim regime.”