North Korean Hackers Stole $400m In Crypto Currency

North Korean hackers stole at least $400m (£291) in crypto currencies and other digital assets in 2021, according to an analysis of blockchain activity by Chainalysis, who say it was one of most successful years to date for cyber criminals in the closed east Asian state. 

Indeed, it looks like North Korean cyber criminals have been responsible for launching at least seven attacks on crypto currency platforms, mainly targeting investment firms and centralised exchanges. 

So successful are these attacks that some experts now  recommend investors move large amounts of crypto currency not needed day-to-day to "cold" wallets, disconnected from the wider internet.

Although North Korea has repeatedly denied being involved in hack attacks attributed to them, according the Chainanalysis, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations' "hot" wallets and then moved them into North Korea-controlled addresses, the company said.

These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). 

This is especially true for APT 38, also known as “Lazarus Group,” which is led by North Korea’s primary intelligence agency, the so-called General Reconnaissance Bureau. While these exploits are attributed to  North Korean-linked hackers, these attacks were most likely carried out by the Lazarus Group alone.

The Lazarus Group has previously been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts and cyber attacks on Sony Pictures in 2014.

Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including the Japanese Liquid Exchannge, which announced in August 2021 that an unauthorised user had gained access to some of the crypto-currency wallets it managed.

The attackers used phishing lures, code exploits, malware and advanced social engineering to extract  funds out of these organisations’ internet-connected “hot” wallets into North Korea-controlled addresses.

The report said researchers had identified $170m in old, unlaundered crypto-currency holdings from 49 separate hacks spanning from 2017 to 2021. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."  The report said it was unclear why the hackers would still be sitting on these funds but that they could be hoping to outwit law enforcement interest before cashing out. “Whatever the reason may be, the length of time that North Korea is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one.”

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. 

Asia Financial:     Chain Analysis:   Public UK:     BBC:    Al Jazeera:    Guardian:    Yahoo:     PC Magazine:     

You Might Also Read:  

North Korea Accused Of Pfizer Vaccine Hack:

 

« Ukraine Government Hit By Massive Cyber Attacks
Process Sensor Cyber Security Is A Vital Issue »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Avansic

Avansic

Avansic is a leading provider of e-discovery and digital forensics services to attorneys, litigation support teams, and business communities.

Private Internet Access

Private Internet Access

Private Internet Access is a Virtual Private Network services provider offering secure encrypted access to the internet.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

HumanFirewall

HumanFirewall

Your secuirty is dorectly proportional to the awareness of your employees. Use Phishing simulation across your organization to train & profile user behavior.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.