North Korean Hackers Hijack Computers to Mine Cryptocurrencies

North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions, according to Bloomberg.

A hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins, worth about $25,000, according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute.

The case underscores the increasing appetite from cyber-attackers for digital currencies that are becoming a source of income for the Kim Jong Un regime. North Korea is accelerating its pursuit of cash abroad as the world tightens its stranglehold on its conventional sources of money with sanctions cutting oil supplies and other trade bans.

The hackers may have seized other computers to mine cryptocurrencies and appear to prefer Monero because the currency is more focused on privacy and easier to hide and launder than bitcoin, Kwak said, citing the analysis of the server. Andariel was able to take control of the server undetected by its operator, he said.

South Korean investigators are looking at North Korea among their suspects. The country’s hackers are increasing attacks on cryptocurrency exchanges in Seoul, security researcher FireEye said in September.

The majority of attacks from North Korean hackers in the past year have focused on financial gain rather than government secrets, according to researchers dealing with them. The shift of focus may accelerate this year as the UN is stepping up its efforts to cut the flow of funds used by the regime to fuel its nuclear arms development.