- Sputnik International
Find top stories and features from Asia and the Pacific region. Keep updated on major political stories and analyses from Asia and the Pacific. All you want to know about China, Japan, North and South Korea, India and Pakistan, Southeast Asia and Oceania.

US Cybersecurity Agency Accuses North Korea of Cryptocurrency Cyber Heist

© Flickr / AntanaBitcoin is a decentralized form of digital currency, created and held online all over the world. The cryptocurrency is used to buy things electronically.
Bitcoin is a decentralized form of digital currency, created and held online all over the world. The cryptocurrency is used to buy things electronically. - Sputnik International
Cybersecurity experts have linked North Korea to an apparent attack on South Korean cryptocurrency exchanges, claiming that Pyongyang’s black hats used the same malware code that was unleashed against Sony in 2014.

US cybersecurity firm Recorded Future claimed that in late 2017, a hack attack was launched against Coinlink. The attackers attempted to steal the passwords and emails of Coinlink employees, but the attack was repulsed.

Recorded Future added that they analyzed the malware used by the attackers and found that it matched two previous attacks: the 2014 hack of Sony Pictures and the 2017 WannaCry attack on hundreds of different groups, most notably the British National Health Service.

Bitcoin cryptocurrency - Sputnik International
Bubble Trouble: South Korea Considers Ban on All Cryptocurrency Exchanges

However, a statement released by Coinlink rebuked the report, insisting that no attacks were made against their exchange from North Korea or elsewhere.

In 2014, hacking group Lazarus launched a cyberattack against Sony Pictures in 2014 in retaliation for the studio's distribution of "The Interview," a comedy film about an assassination attempt against North Korean leader Kim Jong-un. North Korea has denied responsibility for the attack.

In May 2017, a ransomware known as WannaCry infected 300,000 computers across 150 countries, threatening to slash data if a ransom of $300-$600 was not paid via cryptocurrency. Most refused to pay, causing an estimated hundreds of millions of dollars in damages. After cybersecurity experts analyzed the attack, the US, UK and Australian governments accused North Korea of being behind the attack — again, Pyongyang denied it.

Ransomware attacks global IT systems - Sputnik International
Pyongyang-Linked Hackers Attacked Cryptocurrency Exchanges in S Korea - Report

The common thread behind all three attacks is the Lazarus Group. The black hatters are thought to be a state-sponsored hacking group with the tacit support of Pyongyang. South Korean intelligence estimates that 1,700 state-sponsored hackers work for North Korea.

Lazarus first became active in at least 2009, when they gained infamy for spreading the MyDoom malware virus that targeted American and South Korean websites. The coordinated cyberattacks against North Korea's two biggest rivals affected websites including the White House, The Pentagon, the Blue House, the South Korean Ministry of Defense, and the South Korean National Assembly.

But in recent years, North Korea's purported hacking strategy has shifted from wreaking political havoc to gathering money from financial institutions. In 2016, Lazarus launched a cyberattack against the central bank of Bangladesh, making off with $81 million.

Bitcoin - Sputnik International
Cryptocurrency Market Slumps Amid Reports of Possible Restrictions in Asia

Their most recent approach has been to target cryptocurrency exchanges. In February 2017, they attacked Bithumb, a South Korean exchange, and stole $7 million. In December, they stole 17 percent of the assets of South Korean Bitcoin exchange service YouBit.

Analysts noted that all of these attacks used similar code patterns and tactics and matched politically motivated hacking attacks levied against South Korea.

Lazarus is also thought to be behind an attempt to hack the personal computer of South Korean Defense Minister Han Min-goo in September 2016. A second attack against the Defense Ministry in October 2017 succeeded in making off with 235 gigabytes of sensitive information

To participate in the discussion
log in or register
Заголовок открываемого материала