North Korea bribed South Korean spies with bitcoin

A North Korean agent paid two South Koreans over half a million dollars’ worth of cryptocurrency to steal military secrets, say South Korean authorities.

A rare physical infiltration of South Korea by the North, South Korean police say that a 38-year-old crypto exchange executive under the direction of a North Korean spy purchased with equipment to tap into government computers for an active-duty military officer. Both are now under arrest.

The “James Bond-esque” equipment included a watch with a hidden camera and a “Poison Tap” USB device to install backdoors in the target – the Korean Joint Command and Control System, the U.S.-South Korea electronic command center that coordinates the two countries’ armed forces.

The agent paid the crypto executive, referred to as “Lee,” over $600,000 worth of cryptocurrency between Feb. and Apr. 2021. The 29-year-old active-duty officer, referred to as Officer B, received less, roughly $37,900 worth.

Cryptocurrency stolen by North Korean hackers has become an “important revenue source” for the regime. The United Nations said that digital assets stolen by Pyongyang are keeping its nuclear and ballistic missile programs afloat amidst harsh sanctions.

Authorities say Lee met the North Korean agent through an online cryptocurrency community six years ago. Captain B was hired by Lee to steal login credentials in person after the executive failed to access KJCCS remotely.

“The North Koreans have demonstrated they’re quite adept at social engineering,” Daniel Pinkston, an expert on North Korean cyber threats and lecturer on cyber warfare at Troy University, told NKNews.

“They will attack vulnerable points and people and exploit them.”

Captain B held large amounts of gambling debt, making him an easy target. South Korean police say he actually provided KJCCS log information to the North Korean agent and Lee, meaning he successfully infiltrated the target.

NK News says that the physical infiltration relatively rare but necessary, as South Korean military computers only accept date from trusted external devices. Other attacks tend to involve spear-fishing or other social engineering tactics that can be executed remotely.