SEOUL • The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.
In the face of sanctions over its banned nuclear and ballistic missile programmes, cash-strapped North Korea is deploying an army of hackers as it eyes a lucrative new source of hard currency, according to Agence France-Presse (AFP).
Its cyber warfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for The Interview, a satirical film that mocked its leader Kim Jong Un.
But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and bitcoin exchanges worldwide, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year. And Youbit, a South Korean crypto currency exchange, shut down on Tuesday after losing 17 per cent of its assets in a hack - its second cyber attack this year, with the North accused of being behind the first.
According to multiple South Korean reports citing Seoul's intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking up online conversations and sending files containing malicious code.
They also bombard executives with e-mails posing as job seekers sending resumes - with the files containing malware to steal personal and exchange data.
Mr Moon Jong Hyun, director at Seoul cyber security firm EST Security, said the North has stepped up online honeytrap tactics targeting Seoul's government and military officials in recent years.
"They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end," Mr Moon told a cyber security forum.
Mr Simon Choi, director of Seoul cyber security firm Hauri, has accumulated vast troves of data on Pyongyang's hacking activities and has been warning about potential ransomware attacks by the North since last year.
He told AFP: "The North's hacking operations are upgrading from attacks on 'enemy states' to a shady... moneymaking machine in the face of more sanctions."
Meanwhile, the 38North website, a North Korea monitoring project, said a major Russian telecommunications company in October started providing an Internet connection to North Korea, which will give Pyongyang 60 per cent more bandwidth and could embolden it to carry out more destructive cyber attacks.