North Korean Hackers’ Crypto Holdings Have Hit Record Levels

   2022-01-14 10:01

North Korean hackers’ crypto assets hit $400 million in 2021, according to new reasearch from Chainalysis.

The hackers attacks targeted mainly investment firms and centralised exchanges, leveraging phishing lures, code exploits, malware, and advanced social engineering to re-direct funds to DPRK-controlled addresses.



The persistent and advanced nature of North Korea’s attacks have led to many cybersecurity researchers labelling threat actors from North Korea as advanced persistent threats (APTs) – arguably the most notorius of these being APT 38, also known as “Lazarus Group”, led by DPRK’s primary intelligence agency.

This group in particular, gained infamy from high profile attacks on Sony Pictures and the WannaCry incident. Although now, their focus seems to be on crypto crime, a strategy that is undoubtedly proving incredibly profitable.

Since 2018, Lazarus Group has stolen and laundered vast sums of virtual currency, usually in excess of $200 million every year. The number of high-profile North Korean attacks has hit new heights in the last couple of years – from 2020 to 2021, the DPRK was linked to seven different attacks (an increase of three on the previous year).


Recommended


It’s worth noting however, in terms of dollar value, Bitcoin now accounts for less than one fourth of the cryptocurrencies stolen by DPRK. In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.

The growing variety of cryptocurrencies stolen has necessarily increased the complexity of North Korean hackers’ crypto laundering operation.

More than 65% of DPRK’s stolen funds were laundered through mixers in 2021, up from 42% in 2020 and 21% in 2019, suggesting that these threat actors have taken a more cautious approach with each passing year.

In a comment to DIGIT, Jude McCorry, CEO at SBRC said: “2021 was the highest on record for cyber incidents according to the NCSC, so it is unsurprising to hear of the success that international hacking groups have had in infiltrating and stealing valuable digital assets.

“When it comes to crypto, individuals and organisations must ensure their digital wallets are secure – using a combination of “hot” and “cold” wallets to store the appropriate amounts as well as recording the recovery phrases for said crypto wallets.

“Given the fact that experiencing a cyber incident can be debilitating for an organisation – whether it is data or money that is stolen – inaction is simply not an option anymore.”


Get the latest news from DIGIT direct to your inbox

Our newsletter covers the latest technology and IT news from Scotland and beyond, as well as in-depth features and exclusive interviews with leading figures and rising stars.

We will keep you up to date on the pivotal issues impacting the sector and let you know about key upcoming events to ensure that you don’t miss out on what’s going on across the Scottish tech community.

Click here to subscribe.


Original Source