North Korea-linked hackers targeted cryptocurrency investors and exchanges just as bitcoin started to soar to record highs, according to a new report.
Cybersecurity firm Recorded Future said malware used in the attacks was similar to that used in the Sony Pictures hack, the global WannaCry ransomware attack and the major cyberheist that hit Bangladesh’s central bank.
Based on the malware, Recorded Future said it believes attacks late last year on South Korean cryptocurrency exchanges and their users were carried out by Lazarus, a hacking group that has previously been tied to North Korea.
The malware was created in mid-October and November, just as bitcoin began surging to jaw-dropping heights, according to the report, which was published Tuesday. Other cryptocurrencies like ethereum and monero have also experienced massive jumps in value in recent months.
“This late 2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft,” Recorded Future researchers Juan Andres Guerrero-Saade and Priscilla Moriuchi wrote.
The report didn’t say how successful the attacks, which included efforts to harvest cryptocurrency exchange users’ passwords, might have been.
Many cryptocurrencies are designed to operate outside of the control of governments or banks. That’s likely to appeal to North Korea at a time when the U.S. is stepping up efforts to cut the country out of the international financial system over its nuclear weapons program.
Previous reports from cybersecurity firms and South Korean government officials said North Korean hackers had targeted cryptocurrency exchanges in the summer of 2017.
North Korea has repeatedly denied involvement in international hacking attacks. But it has made no secret of its interest in bitcoin and other cryptocurrencies.
In November, the Pyongyang University of Science and Technology touted a lecture from a bitcoin expert who came to North Korea to teach students about the technology behind the digital currency. The university is a high-profile institution where scions of the North Korean elite study.
The revelations of the latest attacks on South Korean investors come as the country’s government is considering whether to clamp down on cryptocurrency trading within its borders.
If the South Korean government tightens regulations and exchanges in the country step up security, North Korean hackers may “look to exchanges and users in other countries,” the Recorded Future researchers said.
CNNMoney (Hong Kong) First published January 17, 2018: 1:40 AM ET