North Korean hackers are secretly mining a cryptocurrency rival to bitcoin as Kim Jong Un aims to cash in on the booming virtual cash economy and skirt the sanctions that are crippling his regime.
According to a report, the rogue state is using foreign computers to funnel the cryptocurrency into the country through a university in the capital, Pyongyang.
Analysts at cybersecurity firm AlienVault have identified a new malware application that can be hidden in software on a compromised computer and used to generate the virtual currency Monero before sending it on to Kim Il Sung University.
California-based AlienVault said the malicious code was released on Dec. 24 and can exploit the computers it is hosted on, anywhere in the world.
The code uses the password KJU, which is probably a reference to the Communist regime’s Supreme Leader.
AlienVault said it has been able to trace the virtual funds to the university where Kim was once a student.
The report suggests the malware could be part of a “central task to exploit cryptocurrencies” and that there are previous reports of North Korean hackers mining Monero.
“It’s not clear if we’re looking at an early test of an attack or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” the report reads.
“On the one hand, the sample contains obvious messages printed for debugging that an attacker would avoid. But it also contains fake filenames that appear to be an attempt to avoid detection of the installed mining software.”
The secret mining operation appears to be another indication that North Korea is propping up its economy, which has been weighed down by sanctions, and possibly funding its nuclear ambitions through cryptocurrency.
Chris Doman, a security researcher at AlienVault, told Newsweek that the malware attack could provide a lifeline to North Korea.
“There is strong evidence that North Korea is interested in mining cryptocurrencies,” Doman said.
He pointed to reports that linked the North Korean hacking group Lazarus, which was behind the WannaCry attack that crippled computers across the world in May, to attacks that had mined Monero through exploited websites.
“Additionally, Lazarus has been known to target a number of — primarily South Korean — bitcoin exchanges to steal their bitcoins, and are strongly linked to the WannaCry attacks, which demanded bitcoins in payment,” Doman said.
AlienVault did not find any evidence…