North Korean Lazarus Group Attempt to Hack Cryptocurrency Businesses

Last Modified: 12 May 2020 17:54:49

North Korea has not yet officially created Bitcoin policies, because the national economy, closed borders, anti-human-movement laws, and internet censorship in the country make the use of Bitcoin there very difficult. As decentralized and anonymous money, cryptocurrencies violate the laws of North Korea, especially those laws that do not recognize blockchain-based technologies. However, there are preliminary rules for other purposes.

North Korea Considers Hacking Cryptocurrencies as a Way to Circumvent Sanctions

According to a new report published by the security and anti-virus company Kaspersky Lab on March 26, the Lazarus group is still attempting to hack cryptocurrency businesses by using new tactics. This team, which is part of North Korea's government hackers, intends to help circumvent sanctions by hacking cryptocurrency businesses.

The Lazarus group, which is backed by the government, has been running this operation since last November. In it, they have tried to use PowerShell to manage and control Windows and macOS malware. According to reports, the Lazarus team has written custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator.

According to Kaspersky, the cybersecurity company, organizations that deal with cryptocurrencies are targeted by this group after downloading and installing infected Windows software and malware. The company warned businesses in the crypto industry to be careful and never to download Microsoft Office documents from untrusted and anonymous sources.

What Hacks Have Been Undertaken by the North Korean Lazarus Group?

These attacks are a continuation of earlier attacks by this group. As reported earlier, the Lazarus group is responsible for stealing $571 million in cryptocurrencies. The theft took place at online exchanges from January 2017 to September 2018.

Data show that Pyongyang has succeeded in earning $670 million worth of foreign currencies and cryptocurrencies via these cyber-attacks. A UN panel considers North Korea's aim in these attacks to be circumventing sanctions. South Korea has directly accused North Korea of stealing millions of dollars from crypto exchanges, and South Korean officials are investigating whether Lazarus was responsible for stealing 350 million NEM from Coincheck. The targets of this group are not only large businesses but also individual investors.

While North Korean hackers are not satisfied with only stealing fiat money and cryptocurrencies, the Lazarus group focuses only on financial sources.

A Singapore crypto exchange was recently hacked, and users' cryptocurrencies were moved and stolen. The company showed which wallet was related to this attack.

Another exchange whose users are worried about being hacked is Coinbase. This large exchange recently entered a maintenance period, and at the same time users realized that a huge proportion of their cryptocurrencies had been moved from their wallets. This led to the exchange being suspected of having been hacked.

Altogether, the use of cryptocurrencies to circumvent sanctions seems to be a smart move, but the fact that North Korea would do this by hacking other exchanges is yet another human rights violation. Meanwhile, countries such as Venezuela and Iran are attempting to circumvent sanctions by launching and using their own national cryptocurrencies. For example, four Iranian banks are negotiating with Switzerland, South Africa, France, England, Russia, Austria, Germany, and Bosnia to engage in financial trades using the Iranian national gold-backed cryptocurrency called PayMon.