North Korean Hackers Stole $400m In Crypto Currency

Uploaded on 2022-01-14 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Financial

North Korean hackers stole at least $400m (£291) in crypto currencies and other digital assets in 2021, according to an analysis of blockchain activity by Chainalysis, who say it was one of most successful years to date for cyber criminals in the closed east Asian state. 

Indeed, it looks like North Korean cyber criminals have been responsible for launching at least seven attacks on crypto currency platforms, mainly targeting investment firms and centralised exchanges. 

So successful are these attacks that some experts now  recommend investors move large amounts of crypto currency not needed day-to-day to "cold" wallets, disconnected from the wider internet.

Although North Korea has repeatedly denied being involved in hack attacks attributed to them, according the Chainanalysis, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations' "hot" wallets and then moved them into North Korea-controlled addresses, the company said.

These complex tactics and techniques have led many security researchers to characterise cyber actors for the Democratic People’s Republic of Korea (DPRK) as advanced persistent threats (APTs). 

This is especially true for APT 38, also known as “Lazarus Group,” which is led by North Korea’s primary intelligence agency, the so-called General Reconnaissance Bureau. While these exploits are attributed to  North Korean-linked hackers, these attacks were most likely carried out by the Lazarus Group alone.

The Lazarus Group has previously been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts and cyber attacks on Sony Pictures in 2014.

Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including the Japanese Liquid Exchannge, which announced in August 2021 that an unauthorised user had gained access to some of the crypto-currency wallets it managed.

The attackers used phishing lures, code exploits, malware and advanced social engineering to extract  funds out of these organisations’ internet-connected “hot” wallets into North Korea-controlled addresses.

The report said researchers had identified $170m in old, unlaundered crypto-currency holdings from 49 separate hacks spanning from 2017 to 2021. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."  The report said it was unclear why the hackers would still be sitting on these funds but that they could be hoping to outwit law enforcement interest before cashing out. “Whatever the reason may be, the length of time that North Korea is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one.”

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. 

Asia Financial:     Chain Analysis:   Public UK:     BBC:    Al Jazeera:    Guardian:    Yahoo:     PC Magazine:     

You Might Also Read:  

North Korea Accused Of Pfizer Vaccine Hack:

 

« Ukraine Government Hit By Massive Cyber Attacks
Process Sensor Cyber Security Is A Vital Issue »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Cryptovision

Cryptovision

cv cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

National Cyber Security Agency (NACSA) Malaysia

National Cyber Security Agency (NACSA) Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

2021.AI

2021.AI

2021.AI serves the growing business need for full oversight and management of applied AI.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.