[ad_1]
Hackers and agents in North Korea have fully embraced cryptocurrency as a means of circumventing international sanctions and raising funds for the Pyongyang regime.
Two reports published in the last two weeks by Group-IB and Recorded Future, respectively, reveal the depths of North Korea, relying on piracy of cryptocurrency trading platforms, running scams related to crypto-currency, and even creating a – functional scam piece.
Of these, North Korea's cyberattacks targeting cryptocurrency trading are by far the most popular. A Group-IB report released last week pinned five of the 14 cryptocurrency hackers on Lazarus Group, a code name assigned by the cyber security sector to North Korean military hacking units.
Group-IB has linked the Lazarus group to successful hackers in exchanges such as Yapizon, Coinis, YouBit, Coincheck and Bithumb, in 2017 and 2018. In total, North Korean hackers stole about $ 571 million from the five markets said the report.
Image: Group-IB
But hacks were not the only thing the North Korean agents had in mind. In a report released today by the US intelligence firm Recorded Future, individuals associated with the North Korean regime have also been accused of being at the root of a scam. related to cryptocurrency.
"We have discovered an asset-based crypto-currency currency scam called" Marine Chain "and operated by a network of North Korean actors in Singapore," said Recorded Future.
"We had discussions on the shipping chain as cryptocurrency in two Bitcoin forums in August 2018. Marine Chain was supposed to be an asset-backed cryptocurrency that allowed the creation of ship tokens for multiple users and owners, "says the report.
Recorded Future believes that all the investments made in this business have ended up becoming losses for investors. The threat intelligence firm lists several reasons why it came to this conclusion:
The Marine Chain website was a clone of ShipOwner.io, a similar chain block service that allowed users to buy and rent ships with cryptocurrency investments.
Marine Chain's website was hosted on four different IP addresses, which hosted several other crypto-currency scams at the end of 2017 and during 2018.
One of the scam sites was a binary options trading company called Binary Tilt, which was found to be fraudulent by the Government of Ontario, Canada.
Recorded Future has linked two shipping chain managers to Singaporean companies that have been assisting North Korean sanctions bypassing efforts since at least 2013.
In addition to Marine Chain, the threat intelligence group also linked North Korean individuals to another cryptocurrency launched in 2018, which has been renamed four times (Interstellar, Stellar, HOLD or HUZU), took user investment, then was closed, and then stolen. of their funds.
These two scams probably did not generate the same benefits as Lazarus's hackers, but they show a trend in North Korean operations, where agents complete cyber attacks on real banks with cryptographic profits. currency, and the reason why FireEye has called North Korea the most destructive cyber threat right now. "
