North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years, since January 2017.
Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups have been behind attacks akin to those of typical cybercriminal gangs, albeit on a much larger scale, given that their operations have been behind 44% of all stolen cryptocurrency throughout last year, according to a report by Recorded Future's Insikt Group.
While cryptocurrency exchanges are at the top of their targeting list, they've also been linked to attacks against individual users and venture capital firms.
Cryptocurrency theft is one of the Pyongyang regime's most significant income streams, notably earmarked for financing military and weapon development programs.
As recently outlined in a confidential United Nations report, North Korean state hackers have been behind unprecedented levels of cryptocurrency theft, stealing between $630 million and more than $1 billion in 2022 alone, effectively doubling Pyongyang's illicit profits from cyber theft compared to the previous.
Their cryptocurrency attacks started surging after the hack of South Korean exchanges Bithumb, Youbit, and Yapizon in 2017, when they stole crypto assets worth roughly $82.7 million.
In the last two years, North Korean Lazarus hackers have been linked to crypto heists against the Harmony blockchain bridge, the Nomad bridge, and the Qubit Finance bridge, as well as to the largest crypto hack ever, in which they breached the Ronin Network cross-chain bridge and stole $620 million.
This year alone, they've also allegedly stolen $200 million in multiple attacks, including from Atomic Wallet, AlphaPo, and CoinsPaid.
Recorded Future researchers provide a detailed history of North Korean cryptocurrency targeting in their full report.
This week, the Treasury Department's Office of Foreign Assets Control imposed sanctions on the Kimsuky hacking group for their involvement in acquiring intelligence that helped support North Korea's weapons of mass destruction programs.
In September 2019, it levied sanctions on three other North Korean hacking groups for channeling cryptocurrency stolen in cyberattacks back to the country's government.
The Treasury Department also sanctioned the Sinbad, Tornado Cash, and Blender.io cryptocurrency mixer services used by North Korean hacking groups to launder funds stolen in the Atomic Wallet, Axie Infinity, Nomad, and Horizon hacks.
OFAC announced sanctions in May against four North Korean entities engaged in illicit IT worker schemes and cyber assaults intended to generate revenue to fund the Democratic People's Republic of Korea's WMD programs.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 03 Dec 2023 21:15:19 +0000