3 North Koreans have stolen $1.3B in cryptocurrency from banks
The US justice department has accused three North Korean military intelligence officials of a campaign of cyber-attacks to steal $1.3bn in crypto and traditional currencies from banks and other victims.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said the assistant attorney general John Demers in a statement.
A cryptocurrency is a digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a ledger existing in the form of a computerized database. They are heavily protected and can only be accessed by someone who has the right key.
However, it is possible to steal cryptocurrency. Some malware can steal private keys for bitcoin wallets, allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server, where they can be cracked and their coins stolen. Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.
The three created malicious cryptocurrency applications, opening backdoors into victims’ computers; hacked into companies marketing and trading digital currencies like bitcoin; and developed a blockchain platform to evade sanctions and secretly raise funds, the department said.
The case filed in federal court in Los Angeles builds on 2018 charges against one of the three, Park Jin Hyok, who was charged at that time with the hack of Sony Pictures four years earlier, the creation of the WannaCry ransomware, and the 2016 theft of $81m from the central bank of Bangladesh, reports the Guardian. The charges now add two more defendants, Jon Chang Hyok and Kim Il, with the allegations saying the three worked together in the North Korean military intelligence hacking group, the Reconnaissance General Bureau.
In addition to earlier charges, the three engaged in operations out of North Korea, Russia and China to attempt to steal $1.3bn by hacking computers using spearphishing techniques and promoting cryptocurrency applications loaded with malicious software that allowed them to access and empty victims’ crypto wallets, the charges said.
Spearphishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
They also allegedly hacked into and robbed digital currency exchanges in Slovenia and Indonesia and extorted a New York exchange of $11.8m.