Cryptowinter or not! North Korean hackers care less when they attack
Every industry is sympathetic about the Cryptowinter that has been haunting the market since last November, except the state-sponsored North Korean hackers who have been rampaging accounts online.
According to cyber security experts, both Mac and Windows OS users continue to remain vulnerable to the cyber attack, which was launched when the CryptoWinter started. The process that they are using is simple. The hacking group has created custom PowerShell scripts that attack systems by first trying to communicate with them. It sends malicious command and control (C2) servers and runs commands that are initiated by the operators. The C2 server scripts look like WordPress files or other open source projects.
On taking control, the malware collects basic information from the system and uses it for criminal activities. Experts further believe that the malware attacks systems on rented servers only. Incidentally, they are believed to attack systems in South Korea as it is an open market for Cryptocurrency and is considerably more accepting that the North Korean market. Experts, meanwhile, suggest that caution should be maintained while dealing with new start-ups. Some malware come through them. According to a report by the UN, North Korean hackers have, till now, stolen $0.5 billion from cryptocurrency exchanges. It is also being realized that the group was behind the hacking of Japanese crypto company Coincheck and is said to have stolen nearly $600 million between 2017 and 2018.
North Korea is involved in these cyber crimes to obtain funds as a way of bypassing the “unnecessary” economic sanctions imposed on the state. However, some of the other experts are of the opinion that there is no particular reason why the group is targeting South Korea. It is because of the anonymous nature of the process that it is difficult to track the perpetrators. The UN Security Council panel said,
“Cyber attacks involving cryptocurrencies provide the Democratic People’s Republic of Korea with more ways to evade sanctions given that they are harder to trace, can be laundered many times and are independent of government regulation.”
Meanwhile, South Korea is said to have attacked North Korea directly accusing it of theft. The hacking team is also known to target individual accounts and not just businesses. Some of the other exchanges that seem to have malicious attacks on their count include Singapore’s DragonEX and CoinBene. Regulations like the GDPR have tightened the noose across Cryptocurrency agencies functioning in Europe and America.