FireEye links North Korean cyberthieves to a recent spate of spearphishing attacks against South Korea.

Dark Reading Staff, Dark Reading

September 13, 2017

1 Min Read

North Korean cybercriminals may increasingly steal Bitcoins and other cryptocurrencies, following the sanctions imposed Monday by the United Nations Security Council over North Korea's persistent nuclear testing, according to a FireEye blog post.

The sanctions, which include capping North Korea's oil imports and banning the country's profitable textile export business, may fuel even more spearphishing attacks against South Korea's cryptocurrency exchanges and other nations' exchanges, FireEye asserts, as North Korean actors seek to fund the government's activities and the pocketbooks of the country's elite.

Last year, FireEye says it noticed North Korean actors shifting their focus from cyber espionage to crimes against traditional banks and financial institutions around the globe. That shift was likely the result of North Korean actors trying to raise funds for government's activities, according to FireEye.

But beginning in May, the security firm says it observed at least three incidents where North Korean actors targeted South Korean cryptocurrency exchanges. The cyberthieves attacked the personal email accounts of employees at the exchanges, and often used bogus tax-related messages as the lure, according to FireEye. The attacks used malware called PEACHPIT, which FireEye links to previous malware used by North Korean actors in last year's attacks against global banks and financial institutions.

Read more about the North Korean cryptocurrency attacks here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights