North Korean hackers are suspected of being behind a heist that played out in the summer of 2017, when a hacking group called Andariel took control of a South Korean company's server and used it to mine about 70 Monero coins worth approximately $25,000 USD. Some speculate the hacking group may have ties to the North Korean government.
Kwak Kyoung-ju, the lead of a hacking analysis team at the South Korean government-backed Financial Security Institute, says they have been investigating the hacking group, which seems to be focused on raising capital. “Andariel is going after anything that generates cash these days. Dust gathered over time builds a mountain,” he says. The group is suspected of having seized other South Korea-based servers to mine cryptocurrencies in the past. The preferred currency of the group appears to be Monero. The relatively unknown coin has a strong focus on privacy and is likely to be more easily laundered than bitcoin. Monero mixes multiple transactions to make the tracing of funds more difficult.
Cryptocurrency mining increasingly appealing to hackers
Mining cryptocurrency requires high-powered computers and uses immense amounts of power. Hacking servers to perform mining tasks is an increasingly common way for hacker groups to fund their operations. In addition to seizing servers, hackers have used other methods to get their hands on valuable cryptocurrency, including both outright theft and blackmail. The U.S. has accused North Korea in relation to the WannaCry ransomware attack last year that affected hundreds of thousands of computers across the world. In that attack, hackers held individual computer users to ransom, demanding bitcoin in exchange for unlocking the files that their malware had encrypted. As cryptocurrencies skyrocketed in value in 2017, several large trading platforms became targets for thieves. NiceHash, a company that gives its users the ability to offer up their computers’ processing power to help with the calculations needed to create new bitcoins, lost $63 million USD in a hack in early December. The Slovenia-based company has since resumed operation.
Hackers shift focus from intelligence to cash
In the past, hacks from North Korea were expected to target government institutions in an effort to gather intelligence. But in recent years, experts say, the attacks they are seeing are more focused on financial gain. Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul, spoke at a recent forum in the South Korean capital: “North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector. They are primarily after information for financial ends.” The accusations toward North Korea are increasing as its government continues to escalate its nuclear power capabilities, prompting more and more sanctions from other countries. These sanctions may mean the government is scrambling for cash to keep the country afloat. North Korea has denied all accusations of being involved in any type of cyber attack.