EXAMINING NORTH KOREA'S PURSUIT OF CRYPTOCURRENCIES


SESSION ID: MASH-R14
EXAMINING NORTH KOREA'S PURSUIT OF CRYPTOCURRENCIES
Luke McNamara, Principal Analyst, FireEye

Overview
- Background on TEMP.Hermit Threat Activity
- Pivoting to Cyber Crime
- South Korea Cryptocurrency Exchange Targeting
- Further activity
- Impact
- Takeaways & Outlook

History of TEMP.Hermit
- Closely aligns with Lazarus Group
- Since 2013: targets of interest to the North Korean state
- Government victims in the United States, South Korea; energy sector
- TTPs: Spearphishing, SWCs, usage of wiper malware
- Separate from APT37 (Reaper)

Hermit pivots to cyber crime
- Since at least 2016 has also targeted financial organizations for monetary gain (MACKTRUCK, NESTEGG)
- Initially traditional finance targets, SWIFT fraud
- Late 2016: injects on financial regulatory orgs' webpages

Office 39
- Public reporting on Office 39 details involvement in multiple avenues of illicit financial activity:
  - Counterfeiting
  - Smuggling
  - Running hostels and restaurants abroad

Early indications of cryptocurrency interest
- February 2017: strategic watering hole compromise of cryptocurrency news website
- WannaCry (May 2017): BTC ransoms exchanged for more anonymous cryptocurrency Monero

South Korean Cryptocurrency Trading Metrics
- South Korean exchanges experienced some of the highest volume in Asia after China closed exchanges in 2017.
- Hundreds of billions of won traded daily
- One in five South Koreans invest in cryptocurrencies
- Until recently, little to no KYC

Cryptocurrency Exchanges: Prime Targets
- Centralized pools of liquidity, hot wallets an attractive target.
- Great for trading cryptocurrencies, not recommended for securely storing coins.
- Can't reverse transactions on an immutable ledger
- Puts increased onus of security on the user

TIMELINE
- April 22nd: Wallets on South Korean cryptocurrency exchange Yapizon are compromised
- April 26: The United States announces a strategy of increased economic sanctions against North Korea.
- Early May: Spearphishing against South Korean Exchange #1 begins.
- Late May: South Korean Exchange #2 (Bithumb) targeted and later compromised via spearphish.
- Early June: More suspected North Korean activity believed to be targeting cryptocurrency service providers in South Korea.
- Early July: South Korean Exchange #3 targeted via spear phishing to personal account.

Tactics, Techniques, and Procedures (TTPs)
- Spearphishing personal email accounts of employees
- Used lures related to tax information, job postings, and employee resumes
- PEACHPIT, MANUSCRYPT, and other malware used

Cashing Out
- TEMP.Hermit actors likely had multiple avenues to cash out:
  - Cash out for won on another SK exchange
  - OTC trades
  - Exchange for other currencies

Other reporting
- South Korean government confirms hacks of multiple exchanges
- Reports of mining and cryptojacking
- North Korean university sponsors blockchain course
- UK-based cryptocurrency firm reports being spearphished

Targeting identification
- TEMP.Hermit cryptocurrency lure used to spearphish electronics manufacturer in South Korea
- Coinspace spearphishing
- Suggestive of opportunistic targeting

Assessing the Impact
- If this activity is to evade international sanctions, how successful has it been?
- North Korea's 2016 GDP in real terms stood at 32.0 trillion won ($28.50 billion)
- Timeline matters when it comes to cashing out

Assessing the Impact, cont.
- Yapizon exchange (aka Youbit, Yapian) (2017): 4000 bitcoins stolen according to KISA
- Bithumb exchange (2017): ~$7 million USD stolen at the time according to South Korean government officials.
- WannaCry ransomware (2017): ~52.2 bitcoins acquired, later converted to Monero

Takeaways
- Traditional financial sector targeting has continued
- Continued price decline in cryptocurrency market may reduce some of this activity
- Indications of some interest in cryptomining malware (Monero especially)

Takeaways, cont.
- TTPs that TEMP.Hermit adopts in targeting the cryptocurrency sector will give insight into how their capabilities and skills are evolving
- Targeting personal email accounts highlights how an organization's attack surface extends beyond its networks.

Outlook: What next?
- What will be the impact of thawing diplomatic relations on North Korean cyber operations?
- Cyber espionage?
- Destructive activity?
- Cyber crime?

QUESTIONS?