New report finds North Korean XMR mining increased tenfold in 2019, internet activity up 300%


A report released by the cybersecurity organization Insikt Group says internet use in North Korea has grown significantly over the past three years. The group cites a “300% increase in the volume of activity to and from North Korean networks since 2017,” and part of this activity involves mining of monero (XMR). Insikt observes a tenfold increase in DPRK mining of the privacy coin since May 2019. Although only the elite in the communist nation have access to the global internet, cryptocurrencies are said to be mined in an attempt to evade Western sanctions, with monero likely “more attractive than Bitcoin,” according to the group, thanks to its anonymity.


New report from Insikt Group on North Korea’s mining activity

Insikt Group, a division of privately held cybersecurity firm Recorded Future, has just released a new report on internet activity in North Korea, which notes that both internet usage and monero mining have increased dramatically in recent months.

“For this research, Insikt Group examined the Internet activity of North Korea’s senior leadership by analyzing third-party data, IP geolocation, Border Gateway Protocol (BGP) routing tables, network traffic analysis, and open source intelligence (OSINT) using a number of tools,” the document states. “The data analyzed for this report ranges from January 1, 2019 to November 1, 2019.”

Because global internet access is limited to the elite and the political officials of the communist regime, the findings on cryptocurrency mining and internet usage can be seen as even more compelling. Insikt notes:

For the North Korean political and military elite, 2019 data shows that the internet is not simply a glamorous or recreational activity, but a vital tool for revenue generation, access to prohibited technology and knowledge, and operational coordination.

The report analyzes activity on the global internet, which is accessible only to these groups, and does not focus on activity occurring through “Kwangmyong”, the country’s national intranet.

https://go.recordedfuture.com/hubfs/reports/cta-2020-0209.pdf

10-fold increase in Monero mining

For those in the crypto space, the finding likely to be most notable relates to XMR mining in the regime. Stating that since November of last year the group has continued to “observe the small-scale mining of Bitcoin,” Insikt explains that “the volume of traffic and the speed of communication with colleagues have remained relatively static over the past two years” and that “we cannot determine the hash rate or builds.”

While North Korea was previously reported to be involved in the mining, theft or generation of bitcoin, litecoin and monero, Insikt points out:

According to our assessment, in November 2019, we observed an increase of at least tenfold in Monero’s mining activity. We are unable to determine the hash rate because all activity is proxied via an IP address, which we believe hosts at least several unknown machines behind it.

The report cites the 2017 “Wannacry” ransomware attack, noting: “Monero has been used by North Korean operators since at least August 2017, when the Wannacry attack’s Bitcoin profits were laundered through a Bitcoin mixer and eventually converted into Monero.”

The group further explains: “Monero is also different in that it was designed to be mined by non-specialized machines, and its mine ports tend to scale based on capacity. For example, many miners use port 3333 for low-end machines and port 7777 for high-end, higher-capacity machines.” The notable increase was observed on port 7777, according to the group, which added:

… we believe these two factors – anonymity and the ability to be mined by unskilled machines – arguably make Monero more attractive than Bitcoin to North Korean users.

Malware, foreign operators, and DNS tunneling: other means of revenue generation and obfuscation

The Insikt Group report also describes various hacking schemes and obfuscation techniques thought to be used by the DPRK to generate revenue, evade sanctions, and even “to acquire nuclear-related knowledge prohibited by UN sanctions.”

“North Korean defectors also spoke extensively about the role foreign countries play – many unknowingly – in the Kim regime’s computer operations,” the group notes. “From a cyber perspective, third-party countries are used by the Kim regime to both train and host state-sponsored operators.”

When it comes to malware, the Pyongyang-linked “Lazarus” hacker group is an example of how the North Korean government can exploit fake “trading platforms” to generate funds. As reported by news.Bitcoin.com last month, multiple fronts for bogus trading platforms have been discovered and even Telegram groups have been exploited to deliver sophisticated malware.

The Insikt Group report provides further details on changes in North Korean opsec behavior, including the incorporation of DNS (Domain Name System) tunneling. “The original intent of DNS was to facilitate searches and associations of domains and IP addresses, not to secure that process,” the group explains. “As a result, and because DNS is so critical to the operation of a network, DNS ports (typically port 53) are left open and traffic is relatively uncontrolled.”

DNS tunneling is when the DNS process is used not for domain resolution, but for data transfer or tunneling between networks or devices.

The report argues that while DNS tunneling is nothing new, North Korean users appear to have only introduced the practice as recently as mid-2019.
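A defender-side illustration of the behaviour described above, added here and not taken from the Insikt report or the original article: because tunneled data rides inside the queried names, one parent domain accumulates many long, high-entropy, unique subdomains. The log format, the sample lines and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver log lines: "<client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA www.example.com
10.0.0.5 A mail.example.com
10.0.0.6 A api.example.com
10.0.0.7 A img1.example.org
10.0.0.7 A img2.example.org
10.0.0.7 A img3.example.org
10.0.0.7 A img4.example.org
10.0.0.7 A img5.example.org
10.0.0.9 TXT mzxw6ytboi2gk3tdn5sgk4q7a.example.net
10.0.0.9 TXT nbswy3dpeb3w64tmmqqho2lu.example.net
10.0.0.9 TXT orugs4zanfzsaylomvzxgylh.example.net
10.0.0.9 TXT pfxxkidbojssa5dimuqge33v.example.net
10.0.0.9 TXT kr2w43tfnruw4zzanfzsa5di.example.net
"""

def shannon_entropy(text):
    """Bits per character; random-looking encoded data scores high."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())

def score_domains(log_text):
    """Group unique subdomains by parent domain and compute per-parent statistics."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        labels = parts[2].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Naive parent = last two labels; production code should use the Public Suffix List.
        subs[".".join(labels[-2:])].add(".".join(labels[:-2]))
    return {parent: {"unique": len(names),
                     "mean_len": sum(map(len, names)) / len(names),
                     "entropy": shannon_entropy("".join(names).replace(".", ""))}
            for parent, names in subs.items()}

def suspected_tunnels(log_text, min_unique=4, min_len=20, min_entropy=3.5):
    """Flag parents meeting all three (illustrative, untuned) thresholds."""
    return sorted(p for p, s in score_domains(log_text).items()
                  if s["unique"] >= min_unique and s["mean_len"] >= min_len
                  and s["entropy"] >= min_entropy)
```

The `example.org` rows show why the length and entropy checks matter: a parent with many short, human-readable hostnames has plenty of unique subdomains but is not flagged.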
