North Korean Hackers Stole $400m In Crypto Currency

Uploaded on 2022-01-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Financial

North Korean hackers stole at least $400m (£291) in crypto currencies and other digital assets in 2021, according to an analysis of blockchain activity by Chainalysis, who say it was one of most successful years to date for cyber criminals in the closed east Asian state. 

Indeed, it looks like North Korean cyber criminals have been responsible for launching at least seven attacks on crypto currency platforms, mainly targeting investment firms and centralised exchanges. 

So successful are these attacks that some experts now  recommend investors move large amounts of crypto currency not needed day-to-day to "cold" wallets, disconnected from the wider internet.

Although North Korea has repeatedly denied being involved in hack attacks attributed to them, according the Chainanalysis, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations' "hot" wallets and then moved them into North Korea-controlled addresses, the company said.

These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). 

This is especially true for APT 38, also known as “Lazarus Group,” which is led by North Korea’s primary intelligence agency, the so-called General Reconnaissance Bureau. While these exploits are attributed to  North Korean-linked hackers, these attacks were most likely carried out by the Lazarus Group alone.

The Lazarus Group has previously been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts and cyber attacks on Sony Pictures in 2014.

Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including the Japanese Liquid Exchannge, which announced in August 2021 that an unauthorised user had gained access to some of the crypto-currency wallets it managed.

The attackers used phishing lures, code exploits, malware and advanced social engineering to extract  funds out of these organisations’ internet-connected “hot” wallets into North Korea-controlled addresses.

The report said researchers had identified $170m in old, unlaundered crypto-currency holdings from 49 separate hacks spanning from 2017 to 2021. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."  The report said it was unclear why the hackers would still be sitting on these funds but that they could be hoping to outwit law enforcement interest before cashing out. “Whatever the reason may be, the length of time that North Korea is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one.”

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. 

Asia Financial:     Chain Analysis:   Public UK:     BBC:    Al Jazeera:    Guardian:    Yahoo:     PC Magazine:     

You Might Also Read:  

North Korea Accused Of Pfizer Vaccine Hack:

 

« Ukraine Government Hit By Massive Cyber Attacks
Process Sensor Cyber Security Is A Vital Issue »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

Vention

Vention

Vention (formerly iTechArt) is the partner of forward-thinking tech leaders around the globe.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Automotive Information Sharing & Analysis Center (Auto-ISAC)

Auto-ISAC provides a forum for companies to analyze and identify threats sooner and share solutions that enhance vehicle cybersecurity.

ZEST Security

ZEST Security

The ZEST platform natively integrates into your technology stack to make efficient risk remediation possible.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.