North Korea is earning bitcoin alternative monero by hijacking computers, researchers suggest

'Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions'

Aatif Sulleyman
Tuesday 09 January 2018 12:57 GMT
Comments
What is Bitcoin and why is its price so high?

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

New software designed to make computers mine an alternative to bitcoin and send it to a university in North Korea has been discovered by security researchers.

The finding appears to support suggestions that North Korean actors are increasingly targeting computers in order to raise funds under strict economic sanctions.

A North Korean hacking group called Andariel secretly took over a server at a South Korean company and used it to mine around 70 monero last year, a hacking team said this month.

Experts have traced several similar attacks to North Korea over the course of 2017.

Since May, North Korean actors have targeted at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds, cybersecurity firm FireEye said in September.

It’s believed that North Korean actors will continue carrying them out in order to fund its nuclear and missile programmes.

The installer was spotted by cyber security firm AlienVault, which says it was created on 24 December.

“Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions,” the company said.

“Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies.

“The Installer ... may be the most recent product of their endeavours.”

It is designed to use host computers to mine a cryptocurrency called monero, and then send any coins to Kim Il Sung University in Pyongyang, according to AlienVault.

However, it isn’t yet clear how the software is actually being used.

“It’s not clear if we’re looking at an early test of an attack, or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” AlienVault says.

It adds that a North Korean server used in the code does not appear to be connected to the wider internet, which could mean its inclusion could be ”a prank to trick security researchers”.

Cryptocurrency watchers say technical details of Monero make it more appealing than bitcoin to those who value secrecy.

Monero funds go to an unlinkable, one-time address generated with random numbers every time a payment is issued.

That makes it less traceable than bitcoin, where transactions can be linked to specific, albeit anonymous, private addresses, cybersecurity experts said.

Additional reporting by Reuters.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in