Elite North Koreans aren’t opposed to exploiting internet for financial gain

According to a report, the ruling elite in North Korea appear to be using the Internet more and more to take advantage of money-making opportunities and avoid various economic sanctions. The Kim regime is not only using interbank transfer systems, online gaming, and even cryptocurrencies, but exploiting them for money.

The report reveals that some Singapore-based North Korea-enablers are running what’s called Marine Chain.io, which appears to be a cryptocurrency scam. In addition to this, there could also be links between the DPRK and Interstellar cryptocurrency (also known as HUZU, or HOLD).

As to Marine Chain.io, their website says it is an asset-backed cryptocurrency with the main goal of the tokenisation of ships. Some Redditors, however, were quick to notice similarities between the scammers’ websites and another one in the niche.

How does the scam work?

Initially, the website promises a stable cryptocurrency that’s backed by real-world assets. Unfortunately, they simply aren’t providing the service as promised, and once they’re happy with the number of investors, they close the website and run off with the money.

Once Recorded Future researchers were able to identify Marine Chain as a scam, their focus switched to finding its owner. With some simple research, they quickly found the domain was hosted using the same IP address as another company, which was earlier found to be scamming users out of thousands of dollars.

People behind the scenes

The next step in the investigation was to use open-source intelligence to find more information; this included fake company advisors and other important names. Over time, the investigation gained momentum, and the team quickly found out more about the history of Marine Chain’s CEO. Above all else, there was a connection between this CEO and some other companies that aided the country in avoiding international sanctions dating back to 2013 (and potentially even further); they did this through illicit activity on the DPRK’s behalf.

The report stated that Capt. Foong, a member of Marine Chain, belonged to a wider group of enablers helping North Korea in its attempts to escape international sanctions. This time, they used cryptocurrencies to raise funds for the regime, and also to launder funds.

Sadly, cryptocurrency-based scams are becoming more common for North Koreans. However, this is a kind of low-level cybercrime the Kim regime is using in addition to other more serious activities like ransomware.

According to Group-IB, a cybersecurity company, about 14 cryptocurrency exchanges lost nearly $900 million in cyberattacks between 2017 and 2018. Their report suggested that North Korean hackers from the well-known Lazarus group are responsible for at least five of these attacks.

Internet in DPRK

It’s a well-known fact that North Korea has severe restrictions on the Internet. It is simply forbidden there. Only some of the ordinary people can access Kwangmyong, which is a local intranet. But it is lesser-known that the ruling elite and a few privileged geeks are allowed to use the Internet in full.

When Recorded Future started to monitor the activities of North Korean scammers, they noticed specific traffic spikes on weekends with a particular focus on content streaming and online gaming. In 2018, behaviour started to change, and online activity increased during the week, suggesting that those privileged users began accessing the global network at work.

Starting in the second quarter of 2018, the researchers saw a substantial increase in the use of anonymisation technologies like the Onion Router (Tor) and the Transport Layer Security (TLS) protocol. Other traffic obfuscation tools were also being used, and this included. For example, recently, the DPRK tech gurus have started to hunt for VPS and VPN deals.

In total, three IP addresses were used for outbound connections. One of them belongs to the North Korea IP range. The other two addresses belong to Russia and China.
