North Korea has emerged as the prime suspect in recent Bitcoin exchange hacks in South Korea, with threat intel experts warning that more attacks on digital currency services and even mainstream banks are likely to follow.
Threat intel firm Cybereason reckons the attacks are a reaction to the tighter economic sanctions prompted by North Korea's recent missile tests.
The speed with which the DPRK conducted this operation demonstrates how seriously they're taking this latest round of sanctions, according to Cybereason. Should China not ease up on its enforcement of the measures, we're likely to see a significant priority shift in DPRK tactics to focus on making up the currency shortfall.
Despite brash pronouncements, this intrusion was not meant as retaliation for the ongoing War Games that have taken place on the Korean Peninsula, or to collect valuable intelligence. Instead, Pyongyang has already mobilised its defence of GDP. It appears that the first shots in the latest round of sanction fighting have been fired and are focused on Bitcoin exchanges – not on a major heist like we saw with the attempts to steal money through the SWIFT network. This rapid reaction to sanctions is likely to be the first skirmish before much larger operations requiring more planning, lead time and network reconnaissance.
"Banking, financial institutions and currency exchanges are likely to see a steady increase in malicious and sophisticated intrusion attempts," warned Ross Rustici, senior director of intelligence services at Cybereason. "They will likely be focused on institutions in South Korea, the United States and Japan (to add a little political flavour to the currency generation). However, we could see the uptick also happen in countries where network security is largely weak – parts of south and southeast Asia, the Baltics and potentially even parts of Africa."
Things have the potential to turn nasty and Bitcoin exchanges – in particular – would be well advised to batten down the hatches.
"To date, we have not seen a combination of destructive attacks and currency generation from the DPRK. Given current tensions and the potential desire to retaliate for perceived assaults on the regime, the DPRK has the latent capacity to conduct a heist and destroy the network on the way out," Rustici added.
Cybereason's analysis of the Bitcoin exchange hacks, and how they might affect the threat landscape for financial services, can be found here. ®
Attacks on the SWIFT network, including the high-profile theft of $81m from an account held by the Central Bank of Bangladesh, have also been blamed on North Korea. More specifically, Bureau 121, a division of North Korea's Reconnaissance General Bureau intelligence agency, was recently fingered as the prime suspect in the cyber-raids by Moscow-based threat intelligence firm Group-IB.