North Korea suspected of using malware for cryptocurrency mining

As sanctions increase against North Korea, the country has been suspected of running malware on computers across the world to mine Ethereum, Monero, and Zcash.

Since severe sanctions were placed on North Korea, the country has looked more towards the possibilities of cryptocurrency, and cryptocurrency mining, as the answer to its financial problems. Recently, the North Korean regime has been accused of launching an international ransomware attack in an attempt to raise Bitcoin.

While the Bitcoin mining campaign was launched primarily within the country's borders, North Korea is also suspected of hacking exchange platforms in neighboring South Korea. New evidence from the research firm Recorded Future suggests that the North Korean regime, under the leadership of Kim Jong-un, has been experimenting with malware campaigns that install a mining script on computers across the world without their owners’ knowledge.

Recorded Future is best known for monitoring discussions in the criminal underground of the dark web. According to a new report by the firm, cryptocurrency mining using malware is a rapidly growing trend among hackers worldwide. The report confirmed that hackers are shifting their focus from damaging ransomware attacks to cryptocurrency mining.

While there haven't been any malware mining campaigns that could be traced back to North Korea yet, researchers from Recorded Future believe that the country has the knowledge, motive, and interest in cryptocurrencies to justify the suspicion. According to Recorded Future’s report, North Korean hackers have extensive experience when it comes to developing and employing such threats as botnets, bitcoin mining, and cryptocurrency hacking. In addition, the country is well-versed in modifying pre-existing malware models to suit its specific needs. These features make the country a likely suspect in the realm of international cybersecurity threats.

The report by Recorded Future suggests that hackers’ focus has shifted from ransomware to cryptocurrency mining, mainly because of the growing risks associated with launching a ransomware campaign. Instead of being lucrative, ransomware attacks mainly attract the attention of cybersecurity authorities. This has caused ransomware attacks to decline steadily since 2015. The report states that there have been enormous ransomware campaigns launched against healthcare facilities, as well as public transport systems, such as the infamous WannaCry and NotPetya campaigns. Recorded Future recognizes and condemns these ransomware attacks as cyberterrorism.

Since ransomware has become too dangerous and not lucrative enough to execute, hackers have been turning towards cryptocurrency mining. This provides hackers with a stable and low-maintenance method of generating funds. Several hackers have voiced their surprise, in conversations on the deep web, at the ease of the new attack method. A Russian hacker, in particular, stated that they could easily execute mining code without detection, and confirmed that they currently had 108 bots in their control.

According to Andrei Barysevich from Recorded Future, hackers generally target Monero and Zcash in their mining scripts, as these require fewer CPU resources to mine successfully, especially compared to Bitcoin. However, there were also isolated cases of malware executing scripts to mine Ethereum.

Currently, there is no easy way for a user to detect whether their computer has been compromised, as the attack method is new and constantly evolving. However, users have been warned to watch out for signs of an inexplicable slow-down in the computer's performance. This could be an indication that one's computer is being used to execute mining scripts.