North Korea government-backed hackers are trying to steal cryptocurrency from South Korean users

  • The hackers, known as Lazarus, used similar tactics to those in the Sony Pictures hack and WannaCry ransomware attack
  • Researchers said North Korea is attempting to acquire cryptocurrency to ease the pressure of financial sanctions
Bill Hinton | Getty Images

North Korean government-backed hackers are targeting South Korean cryptocurrency exchange customers using similar tactics to the cyberattack on Sony Pictures and the WannaCry ransomware, a report has revealed.

The hacking group, known as Lazarus, used a number of methods to target people. One involved exploiting a security flaw in Hangul, a Korean-language word processing program, according to cybersecurity firm Recorded Future.

Targets of the hacking campaign also appear to be users of the Coinlink cryptocurrency exchange, other exchanges in South Korea, and a group called Friends of the Ministry of Foreign Affairs, which is made up of students.

One tactic involves trying to obtain the emails and passwords of users of Coinlink.

This is done by a so-called spear phishing attack, where an email containing the malicious document is sent to a user. If the user opens the document the malicious software or malware could steal their credentials.

However, Coinlink said that there have been no attacks at all from North Korea.

"After contacting the company responsible for Coinlink server security, there are no real attempts to attack our site from North Korea. Also, email and passwords in Coinlink have not been hacked at all," a spokesperson for the exchange told CNBC by email.

The Lazarus attacks happened in late 2017, as the price of bitcoin began to hit new highs. The aim for North Korea was to steal cryptocurrency, which could help the country deal with the economic sanctions that have been imposed on it.

"We believe that this targeting is a continuation of North Korea's attempts to use cryptocurrency as a means of circumventing sanctions and controls imposed by the international financial system," Priscilla Moriuchi, director of strategic threat development at Recorded Future, told CNBC by email on Tuesday.

"The sanctions are having a negative impact on the Kim (Jong Un) regime and we believe the regime sees cryptocurrency as a tool for easing some of the financial pressure."

Moriuchi said that she does not have evidence of how much cryptocurrency has been taken, but that monero and bitcoin appear to be the digital coins that the North Korean hackers are targeting.

The methods of attack also bear similarities to those used to hack Sony Pictures in 2014 and last year's WannaCry ransomware attack, which locked peoples' computers and then demanded a payment in bitcoin to unlock it.

North Korean hackers have been trying many ways over the past few months to acquire cryptocurrency. Earlier this month, AlienVault, a U.S. cybersecurity firm found a piece of malware that places a mining application on a victim's computer in order to mine monero.