North Korean threat actors are believed to have stolen more than $3 billion in cryptocurrency to date, according to a report from threat intelligence firm Recorded Future.
Collectively tracked as the Lazarus Group, the North Korean hackers specialize in cryptocurrency-related intrusions, mainly relying on spear-phishing emails to trick victims into authorizing malicious scripts and downloading malware.
In 2021, the hackers were observed targeting the cross-chain bridges of cryptocurrency platforms, compromising validator keys used to sign transactions.
Starting 2022, Lazarus was seen using strategic web compromise as the initial access vector, trojanized DeFi applications, a fake cryptocurrency application for Android, and supply chain compromise.
The stolen amounts, Recorded Future notes in a new report, have increased significantly over time, with 2023 believed to be the most prolific year for Lazarus.
In 2017, the group stole at least $80 million from various South Korean cryptocurrency exchanges, but is believed to have siphoned more than $1.7 billion in 2022, when it hit Ronin Network, Harmony, Qubit Finance, and Nomad, among others.
This year, the North Korean hackers were blamed for multiple highly profitable cryptocurrency heists, including the Atomic Wallet, Alphapo, CoinEx, CoinsPaid, and Stake.com incidents.
Lazarus is believed to be responsible for a cyberattack on US-based enterprise software company JumpCloud, which provides an Active Directory replacement, likely to set up future attacks on the company's cryptocurrency clients.
The US government has sanctioned three mixers and tens of individuals for laundering billions in assets for the North Korean regime.
Roughly half of the laundered money are believed to fund the country's ballistic missiles program.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 04 Dec 2023 15:43:05 +0000