North Korean hackers mined Monero on servers in Seoul


South Korean researchers have found that hackers from North Korea are hijacking South Korean servers to mine Monero in an attempt to circumvent sanctions.

While it is difficult to tell whether any one cryptocurrency-related hacking incident can be linked to North Korea, some signs are still visible, at least according to investigative research by its neighbors in the south.

A report by Bloomberg shows that a hacking unit named “Andariel” took over a corporate server in South Korea last year and mined 70 units of Monero through it. This amount is currently worth around $26,000.

Kwak Kyong-ju, the researcher who discovered this attack and a leader of a hacking analysis team at the Financial Security Institute of South Korea, says that Andariel is doing anything it can to get its hands on money in the most untraceable manner possible.

“Andariel is going after anything that generates cash these days. Dust gathered over time builds a mountain,” he said.

Just last month, Thomas P. Bossert, Homeland Security Advisor to the President of the United States, confirmed that North Korea was behind the WannaCry ransomware attack, which encrypted files on hundreds of thousands of systems and demanded a ransom in Bitcoin to release them.

Another report by FireEye has also confirmed that North Korea’s hackers have been increasing their activity on cryptocurrency exchanges operating out of Seoul.

Monero appears to be the cryptocurrency of choice for these hackers, since blocks mined on its blockchain anonymize much of the useful data that would help authorities determine the source of a transaction and the amount of money being transferred.

According to Lee Dong-geun, Chief Analyst at the Korea Internet Security Center in Seoul, North Korean hackers are no longer interested in attacking government organizations.

“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector. They are primarily after information for financial ends,” he said.

The hackers might have shifted their focus because of more immediate concerns about the sanctions on the country.

As of right now, there’s no exact figure on the amount of cryptocurrency that has flowed into the country, and we might not even reach a firm conclusion at any point in the near future.

We do know that there are untraceable amounts of Monero reaching their coffers, but it’s unclear whether it would be enough to fight the sanctions that target the country.

