Suspected North Korean army of 'pink' hackers making money online

Experts warn that beautiful girls trying to seduce "kingpins" in the virtual currency market could be North Korean hackers "impersonating" them to make money online.

South Korea's cryptocurrency market closed on December 19 after cyber attacks. Photo: AFP

Faced with increasingly tough sanctions from the international community over its controversial weapons program, North Korea is believed to be deploying an army of highly trained hackers tasked with generating money for the country, according to some experts.

The capabilities of North Korean hackers have come into sharper focus following a cyberattack on Sony Pictures, which was believed to be in retaliation for Sony releasing a film criticizing North Korean leader Kim Jong-un. However, North Korean hackers are believed to have shifted from political to financial targets, including attacks on the Bangladesh central bank and global bitcoin exchanges.

This week, the US officially accused North Korean hackers of spreading the WannaCry ransomware that affected 300,000 computers in 150 countries around the world. In addition, a South Korean cryptocurrency market was forced to close yesterday, December 19, after losing 17% of its funds in a cyber attack. This is the second cyber attack on the cryptocurrency market this year, and the suspects behind the first attack are believed to be North Korean hackers.

"Love trap" on the internet

South Korean reports citing the country’s intelligence agency said that North Korean hackers are believed to have approached cryptocurrency traders under the guise of pretty girls on Facebook. After befriending them, the girls would try to strike up a conversation and eventually send them files containing malicious code.

In addition, the girls, who are suspected to be North Korean hackers, also targeted bosses who are “kingpins” in the virtual currency world. The way these girls attacked was by posing as job seekers, then sending job applications via email to the bosses, which contained files containing malicious code to steal personal data as well as information about virtual currency transactions.

WannaCry malware attacks 300,000 computers in 150 countries. Photo: EPA

In recent years, North Korea is suspected of stepping up its “cyber love trap” tactics targeting South Korean military and government officials, according to Moon Jong-hyon, director of Seoul-based cybersecurity firm EST.

“They created Facebook accounts and maintained online friendships for months before stabbing each other in the back,” Mr. Moon said, adding that many hackers claimed to be students studying at universities in the United States or working at research institutes.

Simon Choi, director of Seoul-based cybersecurity firm Hauri, has been collecting data on suspected North Korean hacking activities and has been warning about them since 2016. “In the face of more sanctions, North Korea’s cyberattacks have been upgraded from targeting ‘enemy countries’ to targeting profit-making machines,” Choi said.

According to Mr. Choi, North Korean hackers have been interested in the bitcoin market since at least 2012, and the number of attacks has increased as the virtual currency market has grown. This year alone, the number of bitcoin attacks suspected to be carried out by North Korea has increased 20-fold.

The lack of regulations and “lax anti-money laundering controls” in many countries have made virtual currencies an attractive target for North Korean hackers, according to US cybersecurity firm FireEye. FireEye ranked North Korea in the “quad” along with Iran, Russia and China after discovering that more than 90% of the cyber attacks handled by FireEye were from these four countries.

Experts say the North Korean hacker army consists of young talents recruited from schools and then sent to Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang for training. The number of North Korean hackers is estimated at more than 7,000.

According to Dan Tri