Lazarus Group hackers appear to return to Tornado Cash for money laundering

North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.
Investigators at blockchain research company Elliptic said on Friday that in the last day they had seen the funds - part of the $112.5 million stolen from the HTX cryptocurrency exchange in November - laundered through the Tornado Cash mixing service.
The use of Tornado Cash stood out to Elliptic because the service was sanctioned by U.S. authorities in August 2022, prompting Lazarus actors to turn to another mixing service called Sinbad.io.
Elliptic said it has been tracking the $112.5 million stolen from HTX since the exchange attributed the incident to Lazarus.
The funds were held without movement until March 13, when Elliptic saw some go through Tornado Cash.
Other blockchain security companies confirmed they also saw the funds move across the blockchain.
North Korean hackers have to use services like Tornado Cash and Sinbad.io in order to obfuscate the source of their stolen funds and cash out what they take during the numerous crypto hacks launched over the last three years.
The proceeds help the regime dodge international sanctions related to its weapons programs, according to the U.S. government.
According to the Treasury Department, North Korean hackers used Sinbad and its predecessor Blender.io to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge - two of the largest crypto thefts on record.
Researchers estimate that North Korean groups stole about $1.7 billion worth of cryptocurrency in 2022 and about $1 billion in 2023.
Lazarus Group has been operating for more than 10 years, and according to U.S. officials has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government's activities - including its weapons of mass destruction and ballistic missile programs.
The group itself was sanctioned by the U.S. government in 2019.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.


This Cyber News was published on therecord.media. Publication date: Fri, 15 Mar 2024 18:40:04 +0000


Cyber News related to Lazarus Group hackers appear to return to Tornado Cash for money laundering

North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled - It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum in the last 24 hours, using the coin mix-up service ...
7 months ago Cysecurity.news
Lazarus Group hackers appear to return to Tornado Cash for money laundering - North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November. Investigators at blockchain research company Elliptic said on Friday that in the last day they had ...
7 months ago Therecord.media
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
11 months ago Darkreading.com
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
11 months ago Bleepingcomputer.com
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug - The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade ...
10 months ago Bleepingcomputer.com
US Sanctions Sinbad Mixer: Disrupting Threats Unveiled - The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It's a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained through ...
10 months ago Securityboulevard.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
11 months ago Bleepingcomputer.com
Police Arrests 1000 Suspected Money Mules - Global law enforcers have arrested just over 1000 individuals suspected of money laundering, and identified thousands more, in a new operation designed to target the vast money laundering economy. Europol's European Money Mule Action operation also ...
11 months ago Infosecurity-magazine.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
1 year ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
11 months ago Bleepingcomputer.com
CyberCrime & Doing Time: Classic Baggie: A Delaware BEC Case calls him the leader of an International Criminal Organization - The U.S. Attorney's office in Delaware charged Olugbenga Lawal with being a major money launderer for a Nigerian-based international criminal organization that specialized in Business Email Compromise and Romance Scam. The Defendant's importance in ...
9 months ago Garwarner.blogspot.com
Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly - As the use of cryptocurrency grows, more criminals are likely to start using it to raise, move, and conceal money outside of the established banking system, according to Canada's financial intelligence agency. In a report published on Monday, the ...
11 months ago Cysecurity.news
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
11 months ago Bbc.com
DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations - For years, the world's largest cryptocurrency exchange, Binance, has been dogged by rumors of malfeasance and federal investigations. Today, in a set of accusations that will rock the already tumultuous world of crypto, the US Department of Justice ...
11 months ago Wired.com
US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
11 months ago Therecord.media
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 month ago Securelist.com
North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
10 months ago Packetstormsecurity.com
North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
10 months ago Securityweek.com
Microsoft: Lazarus hackers breach CyberLink in supply chain attack - Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft ...
11 months ago Bleepingcomputer.com
Orbit Chain Loses $86M in Cross-Chain Bridge Hack - Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency ...
10 months ago Cysecurity.news
Feds nab alleged money launderers for pig butchering scheme - Two alleged ringleaders behind a scheme that laundered some $73 million stolen in pig butchering scams are in U.S. custody, the Department of Justice announced Friday. Yicheng Zhang, a Chinese national who lives in California's Temple City, was ...
5 months ago Therecord.media
North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report - North Korean threat actors are believed to have stolen more than $3 billion in cryptocurrency to date, according to a report from threat intelligence firm Recorded Future. Collectively tracked as the Lazarus Group, the North Korean hackers specialize ...
11 months ago Securityweek.com
North Korean Hackers Attacked Indian Medical and Energy Companies - The North Korean military's notorious hacking arm, known as the Lazarus Group, has been accused of targeting public and private sector research organizations, an Indian medical research company, and other businesses in the energy sector. Security ...
1 year ago Therecord.media
Southeast Asian casino industry supercharging cyber fraud, UN says - The expanding Southeast Asian casino industry has become the nexus of the region's criminal ecosystem, including its cyber fraud industry, and it is facilitating large-scale money laundering by organized crime networks, a new United Nations report ...
9 months ago Therecord.media
CVE-2016-4839 - The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)