North Korean Hackers Stole $400m In Crypto Currency

Uploaded on 2022-01-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Financial

North Korean hackers stole at least $400m (£291) in crypto currencies and other digital assets in 2021, according to an analysis of blockchain activity by Chainalysis, who say it was one of most successful years to date for cyber criminals in the closed east Asian state. 

Indeed, it looks like North Korean cyber criminals have been responsible for launching at least seven attacks on crypto currency platforms, mainly targeting investment firms and centralised exchanges. 

So successful are these attacks that some experts now  recommend investors move large amounts of crypto currency not needed day-to-day to "cold" wallets, disconnected from the wider internet.

Although North Korea has repeatedly denied being involved in hack attacks attributed to them, according the Chainanalysis, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations' "hot" wallets and then moved them into North Korea-controlled addresses, the company said.

These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). 

This is especially true for APT 38, also known as “Lazarus Group,” which is led by North Korea’s primary intelligence agency, the so-called General Reconnaissance Bureau. While these exploits are attributed to  North Korean-linked hackers, these attacks were most likely carried out by the Lazarus Group alone.

The Lazarus Group has previously been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts and cyber attacks on Sony Pictures in 2014.

Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including the Japanese Liquid Exchannge, which announced in August 2021 that an unauthorised user had gained access to some of the crypto-currency wallets it managed.

The attackers used phishing lures, code exploits, malware and advanced social engineering to extract  funds out of these organisations’ internet-connected “hot” wallets into North Korea-controlled addresses.

The report said researchers had identified $170m in old, unlaundered crypto-currency holdings from 49 separate hacks spanning from 2017 to 2021. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."  The report said it was unclear why the hackers would still be sitting on these funds but that they could be hoping to outwit law enforcement interest before cashing out. “Whatever the reason may be, the length of time that North Korea is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one.”

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. 

Asia Financial:     Chain Analysis:   Public UK:     BBC:    Al Jazeera:    Guardian:    Yahoo:     PC Magazine:     

You Might Also Read:  

North Korea Accused Of Pfizer Vaccine Hack:

 

« Ukraine Government Hit By Massive Cyber Attacks
Process Sensor Cyber Security Is A Vital Issue »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

OSIRIS Lab - NYU Tandon

OSIRIS Lab - NYU Tandon

The Offensive Security, Incident Response & Internet Security Lab (OSIRIS) is a security research environment where students analyze and understand how attackers take advantage of real systems.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Trustless Computing Association (TCA)

Trustless Computing Association (TCA)

TCA is is a non-profit organization promoting the creation and wide availability of IT and AI technologies that are radically more secure and accountable than today’s state of the art.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Nexum

Nexum

Nexum takes a comprehensive approach to security, from detecting and preventing network threats, to equipping you with the information, tools and training you need to effectively manage IT risk.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.