Canada Markets close in 3 hrs 33 mins

North Korea government-backed hackers are trying to steal cryptocurrency from South Korean users

Arjun Kharpal
Researchers believe North Korea is attempting to acquire cryptocurrency to ease the pressure of financial sanctions.

North Korean government-backed hackers are targeting South Korean cryptocurrency exchange customers using similar tactics to the cyberattack on Sony Pictures and the WannaCry ransomware, a report has revealed.

The hacking group, known as Lazarus, used a number of methods to target people. One involved exploiting a security flaw in Hangul, a Korean-language word processing program, according to cybersecurity firm Recorded Future.

Targets of the hacking campaign also appear to be users of the Coinlink cryptocurrency exchange, other exchanges in South Korea, and a group called Friends of the Ministry of Foreign Affairs, which is made up of students.

One tactic involves trying to obtain the emails and passwords of users of Coinlink.

This is done by a so-called spear phishing attack, where an email containing the malicious document is sent to a user. If the user opens the document the malicious software or malware could steal their credentials.

The Lazarus attacks happened in late 2017, as the price of bitcoin began to hit new highs. The aim for North Korea was to steal cryptocurrency, which could help the country deal with the economic sanctions that have been imposed on it.

"We believe that this targeting is a continuation of North Korea's attempts to use cryptocurrency as a means of circumventing sanctions and controls imposed by the international financial system," Priscilla Moriuchi, director of strategic threat development at Recorded Future, told CNBC by email on Tuesday.

"The sanctions are having a negative impact on the Kim (Jong Un) regime and we believe the regime sees cryptocurrency as a tool for easing some of the financial pressure."

Moriuchi said that she does not have evidence of how much cryptocurrency has been taken, but that monero and bitcoin appear to be the digital coins that the North Korean hackers are targeting.

The methods of attack also bear similarities to those used to hack Sony Pictures in 2014 and last year's WannaCry ransomware attack , which locked peoples' computers and then demanded a payment in bitcoin to unlock it.

North Korean hackers have been trying many ways over the past few months to acquire cryptocurrency. Earlier this month, AlienVault, a U.S. cybersecurity firm found a piece of malware that places a mining application on a victim's computer in order to mine monero.