North Korean hackers are secretly mining a cryptocurrency rival to bitcoin as Kim Jong Un aims to cash in on the booming virtual cash economy and skirt the sanctions that are crippling his regime.
According to a report, the rogue state is using foreign computers to funnel the cryptocurrency into the country through a university in the capital, Pyongyang.
Analysts at cybersecurity firm AlienVault have identified a new malware application that can be hidden in software on a compromised computer and used to generate the virtual currency Monero before sending it on to Kim Il Sung University.
California-based AlienVault said the malicious code was released on Dec. 24 and can exploit the computers it is hosted on anywhere in the world.
The code uses the password KJU, which is probably a reference to the Communist regime’s Supreme Leader.
AlienVault said it has been able to trace the virtual funds to the university where Kim was once a student.
The report suggests the malware could be part of a “central task to exploit cryptocurrencies” and that there are previous reports of North Korean hackers mining Monero.
“It’s not clear if we’re looking at an early test of an attack or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” the report reads.
“On the one hand, the sample contains obvious messages printed for debugging that an attacker would avoid. But it also contains fake filenames that appear to be an attempt to avoid detection of the installed mining software.”
The secret mining operation appears to be another indication North Korea is propping up its economy, which has been weighed down by sanctions, and possibly funding its nuclear ambitions through cryptocurrency.
Chris Doman, a security researcher at AlienVault, told Newsweek that the malware attack could provide a lifeline to North Korea.
“There is strong evidence that North Korea is interested in mining cryptocurrencies,” Doman said.
He pointed to reports that linked the North Korean hacking group Lazarus, which was behind the WannaCry attack that crippled computers across the world in May, to attacks that had mined Monero through exploited websites.
“Additionally, Lazarus has been known to target a number of — primarily South Korean — bitcoin exchanges to steal their bitcoins, and are strongly linked to the WannaCry attacks, which demanded bitcoins in payment,” Doman said.
AlienVault did not find any evidence linking Lazarus to the latest cryptocurrency attack.
However, the report concluded: “Cryptocurrencies could provide a financial lifeline to a country hit hard by sanctions.”
“Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on cryptocurrencies.”
“The Installer we’ve analyzed may be the most recent product of their endeavors.”
The attraction to virtual currency appears to be felt across Korea.
Hyper-wired South Korea has been a hotbed for virtual currencies such as bitcoin, accounting for some 20 percent of global transactions, about 10 times its share of the world economy.
But South Korean authorities late last year banned financial institutions from dealing in virtual currencies on fears of a bubble fueled by retail speculators.
About 1 million South Koreans, many of them small-time investors, are estimated to own bitcoins and demand is so high that prices are around 20 percent higher than in the US.
Initial coin offerings (ICOs) — where companies sell newly mined cryptocurrencies to investors for real money — were also outlawed.
The government has also pledged to strengthen investor protection rules, in an effort to curb speculation and potential fraud.
Announcing the ban on ICOs in September, South Korea’s Financial Services Commission declared that “cryptocurrencies are neither money nor currency nor financial products.”
Youbit, a South Korean exchange trading bitcoin and other virtual currencies, declared itself bankrupt in December after being hacked for the second time this year.
North Korea was accused of being behind the first attack.
Earlier this week, police and tax agencies raided South Korea’s largest cryptocurrency exchanges for alleged tax evasion.
“A few officials from the National Tax Service raided our office,” an official at Coinone, a major cryptocurrency exchange in South Korea, told Reuters.
“Local police also have been investigating our company since last year, they think what we do is gambling,” said the official, who spoke on condition of anonymity.
He said Coinone was cooperating with the investigation. Bithumb, the second-largest virtual currency operator in South Korea, was also raided by tax authorities Wednesday.
“We were asked by the tax officials to disclose paperwork and things yesterday,” an official at Bithumb said, requesting anonymity due to the sensitivity of the issue.
South Korean financial authorities had previously said they are inspecting six local banks that offer virtual currency accounts to institutions, amid concerns that the increasing use of such assets could lead to a surge in crime.
The crackdown on Seoul-based operators of some of the world’s busiest virtual currency exchanges comes as the government attempts to calm frenzied demand for cryptocurrency trading in Asia’s fourth-largest economy.
Bitcoin’s 1,500 percent surge last year has stoked huge demand for cryptocurrency in South Korea, drawing everyone from college students to housewives and sparking concerns about gambling addiction.