North Korea Is Suspect in Hack of Seoul Bitcoin ExchangeBy and
Attack seen as extension of April heist linked to North Korea
Youbit exchange closed and entered bankruptcy proceedings
South Korean investigators are looking into North Korea’s possible involvement in the hack of a Seoul-based cryptocurrency exchange that collapsed this week, according to a person familiar with the investigation.
Yapian, the owner of bitcoin exchange Youbit, said Tuesday that it would close and enter bankruptcy proceedings after a cyberattack that claimed 17 percent of its total assets. It was also hit by an attack in April that local media have linked to North Korean hackers.
Police investigators and the Korea Internet and Security Agency are viewing the case as an extension of the April attack, according to the person, who asked not to be identified discussing confidential information. While they aren’t ruling out North Korea as a suspect, they are also open to all other possibilities, the person said Thursday.
The Wall Street Journal reported earlier that investigators saw telltale signs that North Korea was behind the Youbit attack. Spokespersons for both the police and Korea’s internet security body couldn’t immediately be reached for comment.
The attack on Youbit is “in alignment” with the recent focus of North Korea’s cyber army on cryptocurrencies and their exchanges, said Luke McNamara, senior analyst at FireEye Inc., a U.S. cybersecurity researcher.
“This an adversary that we have been watching become increasingly capable and also brazen in terms of the targets that they are willing to go after,” said McNamara, citing banks and other financial institutions. “This is really just one prong in a larger strategy that they seem to be employing since at least 2016, where they have been using capability that has been primarily used for espionage to actually steal funds.”
North Korea has used an army of hackers to try and raise cash as the U.S. has stepped up sanctions in a bid to thwart Kim Jong Un’s push for the ability to strike the American homeland with a nuclear weapon. Earlier this week, the U.S. blamed North Korea for the WannaCry ransomware attack that affected hundreds of thousands of computers globally this year.
While North Korea allows internet access to only a small portion of its population, it began to train its techno soldiers in the early 1990s, according to South Korea’s Defense Security Command. The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff, according to the Australian Strategic Policy Institute.
Cutting North Korea off from the Internet entirely wouldn’t be effective because North Korea would probably have cyber capabilities located outside the country, possibility in embassies or other locations masked by front companies, McNamara said.
North Korea has grown increasingly adept at breaking into computer systems around the world for financial gain and strategic benefit. This year, the regime’s cyber warriors have been linked to stolen U.S.-South Korean military plans and the alleged theft of $60 million from a Taiwan bank.
The most usual route into target computer networks is via spearphishing, where the employees of digital currency exchanges are targeted with emails carrying malware which is activated once the attachment is opened, according to FireEye.