Report: North Korean Hackers Are Going After Individual Cryptocurrency Investors

Omar Faridi
  • Cybersecurity researchers have found that North Korean hackers are increasingly targeting individual cryptocurrency accounts.
  • Exchanges have increased their security, so cybercriminals are now looking to hack individual crypto wallets, the researchers noted.

Kwon Seok-Chul, the CEO of Cuvepia, a cybersecurity firm, recently revealed that his company discovered 30 new attacks on individual cryptocurrency investors - which have reportedly been carried out by North Korean hackers.

According to Seok-Chul, the new targets of North Korea’s cyberattacks are “just simply [cryptocurrency] wallet users investing in” digital assets. He also noted the problem might be more serious, as his firm had only just started looking into the matter.

Notably, Seok-Chul believes there could be over 100 attacks on crypto wallet users which may have been orchestrated by North Korea-based cybercriminals. According to the South China Morning Post, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from [the North Korean regime’s] previous methods.”

Sending Emails With Infected Files To Victims

Explaining why individual digital currency investors may be easy to target, Seok-Chul said: 

When cryptocurrency [wallets] are hacked, there is nowhere one can make complaints, so hackers are increasingly hacking into [digital currency accounts]. Some of the attacks are carried out by sending the victims an email with infected (with a virus) file attachments.

When unsuspecting users download these files, which may be disguised as ordinary program files, their computers may be infected with malware. The malware may then be used to obtain a user’s private account information, which may allow hackers to steal funds from their crypto wallets.

Exchanges Have Become Harder To Hack

Simon Choi, the founder of IssueMakersLab, an internet security and research firm, said that there has recently been a shift towards targeting individuals, instead of large exchanges and financial institutions. This may be due to the improved security of crypto platforms, which have been hacked numerous times this year.

Commenting on the different strategy used by cybercriminals, Choi stated: 

Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.

Choi further noted that attackers have been known to specifically go after wealthy South Korean citizens as “they believe that if they target CEOs of wealthy firms and heads of organizations, more so than ordinary people, [then] they can [potentially steal more] virtual currency [from each account].”

Luke McNamara, the principal analyst at FireEye, a Washington-based cybersecurity firm, thinks “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [crypto] exchanges.”

"Vast" & "Illicit" Network For Raising Funds Using Crypto

McNamara added that “when [the hackers] understand and know the targets, they are able to craft lures specific to those organizations or entities” - which makes them more “effective at what they are doing.”

As CryptoGlobe reported in late October, Insikt Group, a cybersecurity research organization, had found evidence of North Korea being linked to a “vast” and “illicit” network for raising funds using cryptocurrencies.

According to Insikt Group’s findings, North Korean leadership appears to be using advanced internet tools and is more tech-savvy than previously expected. The researchers also learned that North Korean entities have been using "enablers" in Singapore, Thailand, and various other countries in order to orchestrate large-scale crypto and blockchain-related scams.