Report: North Korea Scammed Millions in Crypto-currency from WannaCry Attack

Fireeye’s Cristiana Brafman Kittner
Fireeye's Cristiana Brafman Kittner

Cyber tensions between the U.S. and North Korea are reportedly escalating over word the rogue nation’s hackers stole millions in bitcoin from last May’s WannaCry attack that hit 150 nations and 300,000 computers while crippling banks, hospitals and manufacturers.

South Korean researchers said that attacks on virtual currency exchanges such as Bithumb, Coinis and Youbit have left digital residue that points to North Korea as the culprit, Reuters reported. International sanctions on North Korea have made so-called crypto or virtual currencies a potential goldmine for state sponsored cyber attackers, as the isolated country looks for new sources of revenue.

Indeed, in one year the trading price of BitCoin has spiked from about $1,000 to nearly $18,000 per, based on CoinMarketCap data (via Reuters). So far, the researchers’ claims lack third-party confirmation, the report acknowledged. But a new cyber attack that Youbit announced yesterday, following one in April, may provide additional evidence. This break-in apparently cost the exchange 17 percent of its assets, brought operations to a standstill and forced a bankruptcy filing, Reuters said. Youbit has been consistently targeted by cyber gangsters using code associated with North Korean hackers, the report said.

The $7 million in cryptocurrencies stolen in the earlier attacks on Youbit and other exchanges could be worth $82 million now, a South Korean researcher told Reuters. Cristiana Brafman Kittner, a FireEye principal analyst, told the news agency that North Korean-linked hackers had hit a number of exchanges in the past six to nine months. “We believe that some of the criminal activity we are observing originating from North Korea is a result of the regime looking for alternative sources of revenue,” she said.

Trump Administration Weighs In

Tom Bossert

The Trump administration today formally blamed North Korea for releasing the WannaCry attack. Tom Bossert, the White House’s homeland security and counter-terrorism specialist, pointed the finger for the WannaCry ransomware assault directly at the North Korean government, calling it a “careless and reckless attack,” the Wall Street Journal reported.

He said the U.S. hopes that publicly embarrassing North Korea might discourage the government from launching future hacks. “It’s important to call them out,” he said. The security official admitted that the U.S. has but a few options to try to limit North Korea’s hacking. “We don’t have a lot of room here,” he said.

While Bossert said the U.S. has clear evidence of North Korea’s responsibility for the cyber attacks he declined to provide details, the WSJ report said. Bossert’s remarks followed an earlier WSJ piece in which he said the WannaCry attack was “widespread and cost billions, and North Korea is directly responsible.”

Facebook, Microsoft Protect Cyber Targets

Facebook and Microsoft are also involved. The social networking giant and the OS kingpin last week evidently impeded some North Korean cyber threats both involving the Lazarus Group, a North Korea-linked hacking gang (via Reuters).

“Facebook took down accounts that stopped the operational execution of ongoing cyber attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially,” Bossert said. The feds are trying to enlist technology companies to help buttress the country’s cyber security defenses, the official said.

Facebook apparently deleted accounts associated with Lazarus while Microsoft disrupted malware that it relied on for cyber attacks.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.