The regime has come under suspicion of resorting to cryptocurrency mining hacks to generate funds.
North Korea has gained a sizable reputation amongst the crypto-community in recent months. The regime under leader Kim Jong-un has been accused of several cybercrimes involving digital currencies, including developing and employing an international ransomware attack in an attempt to generate Bitcoin, mining Bitcoin within their borders, as well as infiltrating South Korean cryptocurrency exchanging platforms and stealing digital currencies.
However, new research from the cybersecurity firm, Recorded Future, has recently come to light which suggests that North Korea could also be involved with a state-backed hacking campaign which installs a cryptocurrency mining script on unsuspecting victim’s machines.
Recorded Future recently penned a report which confirmed that cryptocurrency mining malware is becoming increasingly popular amongst the hacking community. Recorded Future is a firm which keeps informed of hacking trends by monitoring discussions that arise in the criminal hacking sector on the dark web. This last year has seen a dramatic shift in hacking trends, as hackers have moved away from ransomware and data theft campaigns, and have embraced the implementation of mining scripts.
A reason for this shift has been attributed to the relative low-maintenance involved in mining scripts when compared to other hacking campaigns. Compared to other hacking methods, mining scripts are much more reliable, long-term sources of income which require little input and risk on the part of the hacker.
While the firm is yet to catch North Korea involved in a specific instance of cryptocurrency mining, the firm stated that North Korea has the incentive, knowledge, and enthusiasm which make them a reasonable suspect. According to the report by Recorded Future, North Korean hackers have plenty of previous experience in the field, especially when it comes to instances involving cryptocurrency. The report states that North Korea has all the features which make it a prime candidate to create and manage an international network involved in cryptocurrency crimes.
In addition, the report stated that hackers are readily turning towards mining scripts, as other hacking campaigns are too risky and require a large amount of maintenance from the hacker. Since 2015, mining scripts have become a more viable option for the hacking community as it poses minimal risk, as well as a steady, albeit smaller income. These smaller attacks have become increasingly popular since the large-scale attacks such as WannaCry and NotPetya have been launched on individuals and corporations worldwide.
With the increased risk hackers face when implementing ransomware, mining scripts became a more viable option. Recorded Future’s report particularly noted the surprise many hackers voiced at the low-maintenance required from this technique. According to the report, a Russia-based hacker stated that he was able to easily implement 110 bots, and only had two killed since.
Co-author of the report, Andrei Barysevich, stated that hackers generally target Monero and Zcash since these require significantly fewer resources than Bitcoin or Ethereum. By targeting less popular cryptocurrencies, hackers can more profitably and reliably generate funds. However, there has been one recorded instance of a mining script which usurped a machine’s graphics card in order to mine Ethereum.
While there is no sure-fire way to detect whether your machine has been compromised or not, Barysevich suggested that all users should look out for an inexplicable slow-down of their computers. Since the technique is relatively new, there is still no software available to make the detection and banishing of mining scripts easily accessible to the average person.