North Korean hackers are developing malware to mine cryptocurrencies on victims' computers as UN sanctions bite.

A spin-off of the Lazarus Group - a hacking organisation which cybersecurity researchers have linked to North Korea - is developing malware as a method of generating money rather than stealing data.

The hacking unit, called Andariel, penetrated a server at a South Korean company last summer and used it to mine a cryptocurrency called Monero - one of the few digital currencies which is not based on Bitcoin.

Kwak Kyoung-ju, the head of a cybersecurity analysis group at the South Korean government-backed Financial Security Institute, said Andariel used the server to generate around $25,000 (£18,400) according to Bloomberg.

Unlike the Bitcoin-based systems, Monero does not publicly track who is sending and receiving the cash, making it preferable for those who want to put extra resources into maintaining their anonymity.


It grew popular in 2016 when it was adopted by the darknet market AlphaBay which was shut down by a huge international operation in July 2017.

:: Nuclear button is on my desk, Kim Jong Un warns

North Korea sanctions an 'act of war'

At the same time as exploring other cryptocurrencies, North Korea is seeking to profit from Bitcoin's surging value by hacking Bitcoin exchanges, security researchers told Sky News in December.

The British Government believes North Korea was to blame for the ransomware that crippled NHS computer systems earlier this year.

The WannaCry attack hit businesses and government services worldwide as it infected more than 300,000 computers in 150 countries in a matter of days, encrypting the computers and demanding Bitcoin in return for the decryption key.

North Korean hackers have been accused of the largest cyber heists the world has ever seen - and, as sanctions linked to the secretive state's nuclear missile programme start to bite, Pyongyang's premiere hacking group has been identified stealing Bitcoin too.

From 2015 through to 2016, a series of sophisticated cyber heists targeting the SWIFT global financial messaging service allowed a state-sponsored cybercrime collective, which researchers called the Lazarus Group, to steal millions of dollars.

Cybersecurity researchers linked the Lazarus Group to North Korea, although it is not known whether it is part of the secretive government bureau Office 39, or a group hired by Pyongyang's elite to fill their own coffers.