Tag Archives: cyber attack North Korean

North Korea: Hacking Superpower — Crypto Billionaire

Leave a reply

At 11:49 a.m. on July 18, 2024, North Korean hackers pounced on a major cryptocurrency exchange handling hundreds of millions of dollars. The hackers slipped into the exchange’s virtual vault, took control and then started pilfering cryptocurrency tokens. Within a little more than an hour, the hackers had disappeared—and with them, more than $200 million for the Kim Jong Un regime. 

The shocking theft at WazirX, India’s largest cryptocurrency exchange, along with several other major recent heists, has made it clear: North Korea is now the world’s most dangerous crypto thief. It has swiped more than $6 billion in cryptocurrency over the past decade—a sum so large that no one else compares. The country’s hackers are both patient and brazen, according to investigators. To get into companies’ computers, they comb through employees’ Facebook and Instagram pages and invent tailor-made stories to trick them into clicking on links with viruses. Some North Korean hackers have even become employees themselves, fooling U.S. companies into hiring them as remote IT workers and gaining access to their networks.

After grabbing their bounty, North Korean hackers are masters at escaping. At WazirX, investigators believe they used algorithms to spread funds through global crypto networks faster than any human could, making it almost impossible for authorities to catch up. Once the crypto is dispersed, North Koreans often lie low until investigators lose interest and move on, waiting months or years to convert their haul into traditional money that can be spent….Pyongyang’s crowning achievement came in February with a $1.5 billion raid of Bybit, one of the world’s biggest cryptocurrency exchanges, in the largest-ever such heist. That followed several hackings in 2024, when North Korea stole more than $6 out of every $10 lost by the cryptocurrency industry, according to Chainalysis, which tracks crypto theft.

North Korea’s success reflects the major resources dedicated to the task. The regime commands more than 8,000 hackers as though they were in a military unit, with the country’s brightest minds. State support means its hackers can wait months or years to exploit a single slip in a company’s digital security. Pyongyang’s desperation for cash, and its lack of concern for diplomatic blowback, have fueled its drive to be better than anyone else. 

Excerpts from How North Korea Cheated Its Way to Crypto Billions, WSJ, Apr. 3, 2025

Iran Wants to Be North Korea: nuclear weapons

Leave a reply

The US tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons programme five years  (2010) ago but ultimately failed, according to people familiar with the covert campaign.  The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear programme in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uraniumc. Reuters and others have reported that the Iran attack was a joint effort by US and Israeli forces.

According to one US intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine…But the National Security Agency-led campaign was stymied by North Korea’s utter secrecy, as well as the extreme isolation of its communications systems...North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open internet is unknown except to a tiny elite. The country has one main conduit for internet connections to the outside world, through China.  In contrast, Iranians surfed the net broadly and had interactions with companies from around the globe.

The US has launched many cyber espionage campaigns, but North Korea is only the second country, after Iran, that the NSA is now known to have targeted with software designed to destroy equipment.

Experts in nuclear programmes said there were similarities between North Korea and Iran’s operations, and the two countries continue to collaborate on military technology. Both countries use a system with P-2 centrifuges, obtained by Pakistani nuclear scientist AQ Khan, who is regarded as the father of Islamabad’s nuclear bomb, they said. Like Iran, North Korea probably directs its centrifuges with control software developed by Siemens AG that runs on Microsoft Corp’s Windows operating system, the experts said. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft programmes…

Despite modest differences between the programmes, “Stuxnet can deal with both of them. But you still need to get it in,” said Olli Heinonen, senior fellow at Harvard University’s Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency…

The Stuxnet campaign against Iran, code-named Olympic Games, was discovered in 2010. It remains unclear how the virus was introduced to the Iranian nuclear facility in Natanz, which was not connected to the Internet.,,,According to cybersecurity experts, Stuxnet was found inside industrial companies in Iran that were tied to the nuclear effort. As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage programme developed by a team closely allied to Stuxnet’s authors, dubbed the Equation Group by researchers at Kaspersky Lab…

In addition, North Korea likely has plutonium, which does not require a cumbersome enrichment process depending on the cascading centrifuges that were a fat target for Stuxnet, they said.

Excerpts from NSA tried Stuxnet cyber-attack on North Korea five years ago but failed, Reuters, May 29, 2015