Subject to numerous international sanctions, North Korea has turned to hacking to recover cash for several years. According to two reports released on January 13, one of chain analysis, specializing in the monitoring of cryptocurrency transactions and Kapersky, a Russian cybersecurity company, 2021 has been a particularly prosperous year for North Korean hackers.
North Koreans also love cryptocurrencies
Chainalysis estimates that approximately $400 million in cryptocurrency was stolen in 2021. A 2021 United Nations report, relayed by NBC News, reports that North Korea stole $316 million worth of digital assets in 2020.
Ukraine: several government websites are victims of a massive cyberattack
Cyberattacks linked to North Korea. Credit: Chainalysis
With the increase in the overall value of cryptocurrencies, an ecosystem has logically developed around it. It has become a prime target for hackers. If many sites set up identity checks to avoid money laundering, this is not the case for all. The North Koreans managed to break into at least seven exchanges in the sector to steal money.
The techniques used are classic: phishing and social engineering in mind. Kapersky noted that the North Koreans are spoofing venture capital firm names, to contact startups in the cryptocurrency space to steal them. The cybersecurity company explains “ if a venture capitalist approaches a startup and sends files that look like an investment contract or other promising documents, the startup won’t hesitate to open them, even if some risk is involved and Microsoft Office adds warning messages “.
They notably posed as Digital Currency Group, known in the industry as the owner of Grayscale Investments, the world’s largest cryptocurrency asset manager. About fifteen companies have had their identities usurped.
North Korean hackers are also mobilizing more advanced tools. Kapersky spotted the use of software designed to siphon off funds from targeted wallets. The company takes the opportunity to advise storing large amounts of cryptocurrencies in a ‘cold’ wallet, with a limited connection to the Internet.
The Lazarus group still exists
To launder the outcome of their digital plunder, the North Koreans compared to other cybercriminals are more organized and more strategic. They typically launder modest sums and keep tens of millions of dollars, sometimes more, in cryptocurrency. North Korea is also betting on their rising value.
For the authors of the two reports, North Korean hackers active in the cryptocurrency world are linked to the Lazarus group. This group acquired great notoriety in the 2010s. To avenge the release of a caricature film on North Korea, The Interview, it had hacked Sony.
It is also the group believed to be behind Petya’s WannaCry ransomware. Lazarus is reportedly attached to North Korea’s General Reconnaissance Office, one of its intelligence branches. Under these circumstances, the Lazarus Pirates seem immune to future prosecution.