Link copied 
The United Nations is investigating at least 35 instances in 17 nations of North Koreans using cyberattacks to raise money illegally for its nuclear program.
Last week, a report by the Associated Press revealed that “as much as two billion dollars” was illegally acquired by North Korea from carrying out complex cyber activities against financial institutions and cryptocurrency exchanges.
South Korea is the most favorite target, suffering from as many as 10 attacks, according to the leaked summary report. India followed at second, being a victim of three attacks, whereas Bangladesh and Chile both experienced two.
In addition, 13 countries suffered one attack - Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia, and Vietnam.
One attack targeted the international payment system, the Society for Worldwide Interbank Financial Telecommunications (SWIFT), which is used for cross-border money transfers between banks. The report said North Korean hackers accessed bank infrastructure and employee computers to attack the SWIFT system, by sending fraudulent messages and destroying evidence.
The other two possible ways of executing the attack are (1) hacking exchanges or individuals and stealing their coins, and (2) crypto-jacking, which involves installing malware onto a computer that then utilizes system resources to mine cryptocurrency on behalf of the attacker.
The experts said the reported attacks are being investigated as violations of the United Nations sanctions. They further pointed out that these kinds of attacks are “low risk and high yield,” requiring few resources to enact. Unless authorities intervene, it can be assumed that these attacks will continue to happen.
With cryptocurrency exchanges and individuals included in the list of potential victims, it may be hard for South Korean companies such as Bithumb. It can be recalled that Bithumb and four other major crypto exchanges have changed their terms of services to state that they will be held accountable for user losses after a cyberattack or system malfunction.
