North Korean Hackers Stole $400m In Crypto Currency

North Korean hackers stole at least $400m (£291) in crypto currencies and other digital assets in 2021, according to an analysis of blockchain activity by Chainalysis, who say it was one of most successful years to date for cyber criminals in the closed east Asian state. 

Indeed, it looks like North Korean cyber criminals have been responsible for launching at least seven attacks on crypto currency platforms, mainly targeting investment firms and centralised exchanges. 

So successful are these attacks that some experts now  recommend investors move large amounts of crypto currency not needed day-to-day to "cold" wallets, disconnected from the wider internet.

Although North Korea has repeatedly denied being involved in hack attacks attributed to them, according the Chainanalysis, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations' "hot" wallets and then moved them into North Korea-controlled addresses, the company said.

These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). 

This is especially true for APT 38, also known as “Lazarus Group,” which is led by North Korea’s primary intelligence agency, the so-called General Reconnaissance Bureau. While these exploits are attributed to  North Korean-linked hackers, these attacks were most likely carried out by the Lazarus Group alone.

The Lazarus Group has previously been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts and cyber attacks on Sony Pictures in 2014.

Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including the Japanese Liquid Exchannge, which announced in August 2021 that an unauthorised user had gained access to some of the crypto-currency wallets it managed.

The attackers used phishing lures, code exploits, malware and advanced social engineering to extract  funds out of these organisations’ internet-connected “hot” wallets into North Korea-controlled addresses.

The report said researchers had identified $170m in old, unlaundered crypto-currency holdings from 49 separate hacks spanning from 2017 to 2021. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."  The report said it was unclear why the hackers would still be sitting on these funds but that they could be hoping to outwit law enforcement interest before cashing out. “Whatever the reason may be, the length of time that North Korea is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one.”

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. 

Asia Financial:     Chain Analysis:   Public UK:     BBC:    Al Jazeera:    Guardian:    Yahoo:     PC Magazine:     

You Might Also Read:  

North Korea Accused Of Pfizer Vaccine Hack:

 

« Ukraine Government Hit By Massive Cyber Attacks
Process Sensor Cyber Security Is A Vital Issue »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ITQ

ITQ

ITQ is an IT consultancy offering services in IT infrastructure assessment, design, implementation, optimization, efficiency and project management.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

Borwell

Borwell

Borwell delivers secure software and IT solutions, including cyber security, to UK Government departments as well as UK corporations and many SMEs.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

Cyber Base

Cyber Base

Cyber Base is an Information Technology company based in Uganda providing software and hardware solutions to clients.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst helps Canadians and Canadian companies seize the opportunities and tackle the challenges of cybersecurity.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Basil Security

Basil Security

Basil is a policy enforcement tool for applications and infrastructure, as well as for security, development and operations (DevSecOps).