Wonderful Engineering

North Korea Might Be Behind The $25K Cryptocurrency Hack

In the summer of 2017, a hacking group called Andariel took control of a South Korean company's server and stole 70 Monero coins from it, which were worth approximately $25,000 USD. There is speculation that the hacking group has ties with the North Korean government and that the money was transferred to the government as well. The government of North Korea has denied all the allegations.

Kwak Kyoung-Ju, the lead of the hacking analysis team in South Korea, says that the team has investigated the hacking group and that it seems to be focused on raising capital. He said, “Andariel is going after anything that generates cash these days. Dust gathered over time builds a mountain.” It is also suspected that the hacking group has seized other South Korean servers to mine cryptocurrencies. The group prefers Monero over all other currencies. Monero is relatively unknown compared to Bitcoin; however, it has a very strong focus on privacy and can be transferred more easily than bitcoin. Monero makes tracing of funds more difficult by mixing all the transactions.

To mine cryptocurrency, you need very high-powered computers and a huge amount of energy. Hacker groups increasingly aim to hack servers for the purpose of mining cryptocurrency. This way they also generate funds for their operations. The hackers are not only seizing servers but also getting their hands on cryptocurrency through theft or blackmail. The USA has also accused North Korea of the WannaCry ransomware attack. The attack affected thousands of computers across the world. It consisted of locking files with coded malware and demanding a ransom in bitcoin to unlock them. When cryptocurrency increased in value, many trading platforms were targeted by thieves.

NiceHash is a company that lets users offer their computers' processing power to make the calculations needed to create new bitcoin. It lost $63 million USD as a result of a hack last year. The company has since resumed operations.

Previously, it was thought that attacks from North Korea targeted government institutions in order to gather information. Recent attacks, however, show that the attackers are more focused on financial gain. Lee Dong-Geun, Chief Analyst at the government-run Korean Internet Security Center in Seoul, said, “North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector. They are primarily after information for financial ends.”

The accusations against the North Korean government are increasing as it increases its nuclear power, which is drawing more and more sanctions from other countries. The sanctions mean that the government is scrambling for cash to keep the country running. In reply to all the accusations, North Korea has denied being involved in any kind of cyber attack.