It seems that North Korea's threats extend beyond the domain of the nuclear.
A cybersecurity researcher discovered malware that mines a type of cryptocurrency and routes the bounty to a North Korean university, implying that hackers in North Korea are targeting new assets in an attempt to find alternative sources of income for Pyongyang as it faces sanctions.
Monero, the 13th biggest cryptocurrency by value, and which has been described as being more anonymous than bitcoin, is being embedded in a software that hackers attempt to get installed on a victim's computer. This is consequently mined and sent back to Kim Il Sung University in Pyongyang, North Korea.
However, researchers at AlienVault, a U.S. cybersecurity firm said that "the server the application is running doesn't seem to be connected to the wider internet. That could be because it's designed to run within another network such as the that of the university." AlienVault also suggested that the use of a North Korean server could be used to "trick" security researchers.
"Cryptocurrencies could provide a financial lifeline to a country hit hard by sanctions. Therefore, it's not surprising that universities in North Korea have shown a clear interest in cryptocurrencies," the researchers said in a blog post. "Recently, the Pyongyang University of Science and Technology invited foreign experts to lecture on cryptocurrencies. The installer we've analyzed may be the most recent product of their endeavors."
This isn't the first time this trick has been tried. Last year, a group called Andariel gained control of a server at a South Korean company and used it to mine monero as well. However, AlienVault claims there doesn't seem to be anything linking the latest monero mining scheme to this group or to any other North Korean group; it was evidently an independent attack.
This is not the only cybersecurity threat North Korea poses. North Korea was allegedly the mastermind behind the WannaCry ransomware cyberattack that forced Britain's national health care system to its knees for a brief period. It has also successfully hacked South Korea's military, and stolen war plans for targeting Kim's regime in case of war. In the U.S., North Korea was accused in 2014 of hacking the Sony Corporation, but has also targeted the New York Federal Reserve.
U.S. intelligence told a Senate committee last year that Pyongyang "remains capable of launching disruptive or destructive cyber attacks to support its political objectives." Moreover, South Korea has explicitly stated that North Korea has "developed a 6,800 strong unit of trained cyberwarfare experts."
Perhaps what's most concerning is that these attacks are anonymous, and therefore difficult to hold any party culpable. This makes it easier for North Korea to continue underhandedly honing its hackers without the threat of tangible sanctions or legal actions, and exacerbates the overall danger of the situation, as crypto mining an easy, efficient and untraceable form of assault.
