North Korean Hackers Continue to Hack Computers to Mine Cryptocurrencies

Fibo Quantum

North Korean hackers continue to hack computers in South Korea and abroad to steal confidential information and mine cryptocurrencies

South Korea’s Intelligence Service has detected that North Korea is still hacking computers to mine cryptocurrencies. According to reports, North Korea’s goal is to bring extra cash into the country.  

AlienVault, a United States-based cybersecurity firm, has discovered certain software that installs code for mining cryptocurrency, more specifically, Monero (XMR). The software then sends mined coins to Kim Il-sung University in PyonyangAccording to reports, this appears to be the latest effort by Pyongyang to find an alternative stream of revenue. 

The North Korean server doesn’t seem to be connected to the wider Internet, though, raising the possibility that it was only included to trick observers into connecting the software to North Korea. This is the belief of university students and professors who aren’t North Korean and who think that North Korea may not be behind the mining.

Monero is the 9th largest cryptocurrency in the world with a value of more than seven billion U.S. dollars. Monero is particularly appealing to cyber criminals and it’s the preferred choice of payment among them because it’s easier to hide and launder compared to Bitcoin.

There have been previous reports of North Koreans mining Monero. In 2017, a North Korean hacking group called Andariel penetrated a server of a South Korean company with the goal of mining 70 Monero coins worth 25,000 U.S. dollars.

AlienVault also reported that a North Korean IP address has been active in Bitcoin trading and was related to cyberattacks in South Korea back in 2014 and 2015.

There has also been an increase in cryptocurrencies interest in North Korea. The Pyongyang University of Science and Technology recently invited a group of foreign experts to give lectures on cryptocurrencies. 

Pyongyang hopes cryptocurrencies may be an alternative source of financial income that can bring extra cash to deal with the highest level of sanctions in the history of North Korea, according to Arirang News. 

Over a year hacking to mining cryptocurrencies, and still going 

Hacking computers to mining cryptocurrencies to generate income has been the preferred modus operandi of North Korean hackers for over a year now.

Earlier this year in February, AlienVault Threat Engineer Chris Doman said that North Korea has been hacking on some networks and mining Monero, a type of cryptocurrency, for over a year back then. 

According to Chris Doman, some of the mining might be legitimate. However, there are also cases of hacking into people’s computers to mining Monero with the intention to steal the cryptocurrencies once they have been mined. 

Cryptocurrencies and the future: From stealing banking credentials to mining Bitcoin

According to Chris Doman, the future doesn’t look too bright in the cryptoworld. He sees an increase in cryptocurrencies malware and a relationship between the malware and the price of Bitcoin. “The higher the price of Bitcoin the more people move to targeting Bitcoin.” 

One of his observations is that before, hackers used to steal banking credentials. But now that has been replaced by mining Bitcoin or Monero. Monero is designed to be private, secure, and mainly untraceable.

The reason for hackers preference for mining cryptocurrencies rather than stealing banking credentials is simple: there is more money in mining cryptocurrencies. According to Chris Doman, North Korea has certainly been linked to other cryptocurrency mining campaigns.