According to a Chainalysis report, North Korean hackers had a very successful 2021.
By launching at least seven large-scale attacks against cryptocurrency platforms, they netted approximately $400 million worth of digital assets.
Targets of the attacks were mainly investment firms and centralized exchanges, which were compromised with the help of phishing tricks, code exploits, malware and other advanced social engineering techniques.
North Korean hackers successfully siphoned funds out of the targets’ internet-connected hot wallets into addresses controlled by the Democratic People’s Republic of Korea, the report found. “Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report added.
Who’s behind the attacks?
Due to the complexity of the attacks, they are believed to be linked to advanced persistent threat (APT) actors, such as the Lazarus Group a.k.a. APT 38:
This is especially true for APT 38, also known as “Lazarus Group,” which is led by DPRK’s primary intelligence agency, the US- and UN-sanctioned Reconnaissance General Bureau. While we will refer to the attackers as North Korean-linked hackers more generally, many of these attacks were likely carried out by the Lazarus Group in particular.
Lazarus Group has stolen and laundered massive amounts of cryptocurrency in the past few years. Two of the most successful individual attacks, against KuCoin and an unnamed crypto exchange, brought in more than $250 million alone, the researchers said. The UN Security Council believes the revenue is meant to support North Korea’s WMD and ballistic missile programs.
“These behaviors, put together, paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale. Systematic and sophisticated, North Korea’s government—be it through the Lazarus Group or its other criminal syndicates—has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021,” the report concluded.
Previous Lazarus APT attacks
Previous attacks carried out by the Lazarus APT group include clever phishing campaigns, a Lazarus Trojan built specifically for macOS, the FASTCASH scheme against banks, fileless techniques, and ransomware.