A report published by cybersecurity organization Insikt Group claims internet use in North Korea has grown significantly in the past three years. The group cites a “300% increase in the volume of activity to and from North Korean networks since 2017,” and part of this activity involves monero (XMR) mining. Insikt observes a tenfold increase in mining of the privacy coin by the DPRK since May 2019. Though the global internet is used only by elite parties in the communist nation, crypto is said to be mined in an effort to avoid Western sanctions, with monero likely “more attractive than Bitcoin” according the group, thanks to its anonymity.
New Report by Insikt Group on North Korean Mining Activity
Insikt Group, a division of private cybersecurity firm Recorded Future, has just released a new report on internet activity in North Korea which finds that both internet usage and mining of monero have increased drastically in recent months.
“For this research, Insikt Group examined North Korean senior leadership’s internet activity by analyzing third-party data, IP geolocation, Border Gateway Protocol (BGP) routing tables, network traffic analysis, and open source intelligence (OSINT) using a number of tools,” the paper states. “The data analyzed for this report spans from January 1, 2019 to November 1, 2019.”
As global internet usage is restricted to elite parties and political officials in the communist regime, findings on crypto mining and network usage can be viewed as all the more compelling. Insikt observes:
10x Increase in Monero Mining
For those in the crypto space, the finding likely to be most notable relates to mining of XMR in the regime. Stating that as of November last year the group has continued “to observe small-scale mining of Bitcoin,” Insikt details, “The traffic volume and rate of communication with peers has remained relatively static over the course of the last two years,” and that “we remain unable to determine hash rate or builds.”
While North Korea has previously been reported to be involved in the mining, stealing, or generating of bitcoin, litecoin, and monero, Insikt emphasizes:
By our assessment, as of November 2019, we have observed at least a tenfold increase in Monero mining activity. We are unable to determine the hash rate because all of the activity is proxied through one IP address, which we believe hosts at least several unknown machines behind it.
The report cites the “Wannacry” ransomware attack of 2017, noting: “Monero has been used by North Korean operators since at least August 2017, when the Bitcoin profits from the Wannacry attack were laundered through a Bitcoin mixer and ultimately converted to Monero.”
The group further elaborates: “Monero is also different in that it was designed to be mined by non-specialized machines, and its mining ports tend to scale by capacity. For example, many miners use port 3333 for low-end machines, and port 7777 for higher-end, higher-capacity machines.” The notable increase is observed as occurring over port 7777 according to the group, which added: