It now appears increasingly certain that North Korean state-sponsored hackers are resorting to cybercrime — including a massive bitcoin heist — to raise desperately needed cash for the regime.

Key points: South Korea's intelligence services estimate attacks could have cost tens of millions of dollars in stolen funds

South Korea's intelligence services estimate attacks could have cost tens of millions of dollars in stolen funds South Korea's Financial Security Institute recently blamed the North Korean regime for orchestrating such attacks in a report

South Korea's Financial Security Institute recently blamed the North Korean regime for orchestrating such attacks in a report It claimed it was a means of raising foreign currency for the impoverished nation

Internet security experts blame North Korean cybercrime group Lazarus for an attack this week on South Korean currency exchange Youbit, which lost 17 per cent of its currency holdings and has been forced into bankruptcy.

An earlier attack on Youbit in April, which cost the company 3,816 bitcoins worth about $US5 million ($6.5 million), was also conducted by North Korean hackers, according to South Korean investigators.

In last week's attack, hackers broke into the exchange's "hot wallet", an online account that pays out bitcoin withdrawals instantly, security analysts say.

According to Bitcoin magazine, hot wallets offer "greater convenience" but also "put funds at greater risk because they are connected to the internet" compared with safer "cold wallets".

Why cryptocurrency?

As bitcoin values skyrocket, the threat of such cyber attacks has also increased and is predicted to soar in 2018, especially in North Korea which is increasingly isolated by economic sanctions aimed at curbing its nuclear efforts.

Bitcoin doubled its price in the last quarter alone, and internet analysts say it now makes the top 10 most targeted industries for cyber attack, despite its relatively small size and web presence.

The cryptocurrency was trading at more than $US19,000 ($24,800) earlier this week, up from about $US1,000 ($1,300) at the beginning of 2017.

What is Lazarus?

Lazarus is a group of hackers blamed for a spate of cyber espionage and sabotage attacks and online bank robberies that go back to at least 2009.

US authorities including the FBI and the National Security Agency are certain the group is connected to — if not directly under — the command of the North Korean regime.

More recently it appears the group is an umbrella group for other cybercriminal sub-groups, including BlueNoroff, which is more focused on financial crime "with the goal of invisible theft without leaving a trace" according to one cybersecurity company, the Kaspersky Lab.

Who has been affected?

A senior White House official says North Korea is responsible for the WannaCry attack. ( Reuters )

BlueNoroff has been blamed for last year's $US81 million ($105 million) cyber heist of Bangladesh's central bank, after its bank account at the Federal Reserve Bank of New York was hacked.

A report by the Kaspersky Lab identified at least 18 countries — including Australia — where it said the Lazarus/BlueNoroff group had allegedly targeted financial institutions, casinos, manufacturing companies and media organisations.

Lazarus hackers are suspected of carrying out the Wannacry attack last May that shut down hospitals, banks and businesses around the world.

US homeland security adviser Tom Bossert has directly blamed the North Korean regime for the Wannacry virus and vowed to hold Pyongyang accountable.

The Lazarus group was previously accused of carrying out earlier attacks on Sony Pictures and the theft of $US81 million ($105 million) from the Bangladesh Central Bank.

How it ties in with South Korea

Chris Doman, a threat engineer at the software security firm AlienVault, suspects BlueNoroff was behind last week's raid on Youbit.

"The first time I saw them target a bitcoin company was in May this year, the same month they unleashed WannaCry," he told Bitcoin magazine.

"While attacks by Lazarus have mainly been aimed at social disruption, recent reports indicate the group is increasingly going after money."

Recent attacks on other currency exchanges, Bithumb and Coinis, also show the digital fingerprints of hackers from North Korea, according to South Korean researchers.

South Korea's intelligence services estimate attacks on multiple currency exchanges could have cost tens of millions of dollars in stolen funds.

'Lazarus cybercrime group is mounting an ongoing scheme'

Last week a US cyber security firm accused Lazarus of a spearphishing scam which tricked victims into clicking on a fraudulent link for a job as a chief financial officer at a London cryptocurrency company.

Victims unwittingly allowed a malicious code onto their device which made it possible for hackers to download malware or steal data.

In a report, the US company Secureworks said it suspected North Korea was behind the Lazarus group.

"The Lazarus cybercrime group is mounting an ongoing scheme to steal the online credentials of bitcoin industry insiders."

South Korean investigators say spearphishing attacks targeting individuals in South Korea were designed to look as if they were from the country's tax agency or other government bodies, and aimed to steal customers' personal information.

A report by South Korea's Financial Security Institute recently blamed the North Korean regime for orchestrating such attacks as a means of raising foreign currency for the impoverished nation — a marked shift from earlier hacking to cause social disruption or steal military or government data.

Not everyone thinks it is North Korea

But not all experts agree that Pyongyang is responsible.

The internet security company Symantec has previously said that methods used in the WannaCry attacks showed strong links to Lazarus, but not necessarily to the government of Kim Jong-un.

"The WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign," Symantec said in a statement.

"Our analysis only allows us to attribute these attacks to the Lazarus group. The technical details do not enable us to attribute the motivations of the attacks to a specific nation, state or individuals."

South Korea says it is considering the possibility of new sanctions against Pyongyang in the wake of the latest cyber attacks.

North Korea rejects accusations that it has been involved in hacking.