North Korea uses hackers to monetize crypto heists


According to a report by cybersecurity firm Mandiant, North Korea has employed hackers to fund some state operations through “crypto heists.”

“The country’s espionage operations are believed to reflect the immediate concerns and priorities of the regime, which is currently likely to focus on raising funds through crypto heists, targeting media, news and political entities, foreign relations and nuclear intelligence, and a slight drop in the once-great theft of COVID-19 vaccine research.”

The report details the country’s cyber operations and how they are structured within the Reconnaissance General Bureau, or RGB — North Korea’s intelligence agency, akin to the CIA or MI6. It also sheds light on the infamous hacker group “Lazarus” that has been operating out of North Korea since 2009.

According to the report, Lazarus is not a single group of hackers, but an umbrella term that reporters use to refer to many different state-backed hacker groups operating out of the Democratic Republic of North Korea. These groups operate in different “sectors” and each has its own responsibilities. One of these responsibilities is raising money by stealing cryptocurrency.

Figure: Assessed cyber structure of cyber programs in the DPRK

Latest Cyber Espionage Activity

Hacker groups associated with Lazarus have been active recently, exploiting a Google Chrome vulnerability from early January 2022 until mid-February, when the vulnerability was patched.

Google’s Threat Analysis Group, or TAG, said in a blog post on March 24 that the North Korean state-backed attacker groups — publicly tracked as “Operation Dream Job” and “Operation AppleJeus” — had exploited a “remote code execution vulnerability in Chrome” since early January 2022 to carry out various hacks and phishing attacks. Adam Weidemann of TAG said in the blog post:

“We observed the campaigns targeting US-based organizations in news media, IT, cryptocurrency and fintech industries. However, other organizations and countries may have been targeted.”

The hackers sent fake job offers to people working in the aforementioned industries, with links that led to counterfeit versions of popular job search websites such as Indeed.com, where the exploit was served. The exploit kit and phishing lures are similar to those tracked in Operation Dream Job. Meanwhile, another hacker group has targeted crypto companies and exchanges using the same exploit kit.

Google said about 340 people were targeted by the hacker groups. It added that all identified websites and domains have been added to its Safe Browsing service to protect users, and that it is continuing to monitor the situation.

Lazarus focuses on financial services, crypto

Hacker groups linked to Lazarus have been involved in several hacks on crypto companies and traditional banks for several years now. Some notable hacks include the Bangladesh Bank cyber robbery in 2016 and several crypto-related attacks in 2017.

The main hacker group targeting financial services is APT38, which was behind the infamous SWIFT hack. It contains a subgroup called CryptoCore or “Open Password”.

Most of these hacks have been successful and it is estimated that hackers have raised more than $400 million for North Korea. An investigation by the UN concluded that the proceeds of these cyber heists have been used to fund the hermit country’s ballistic missile program.
