North Korean Hackers Steal Crypto to Fuel Cloud-Based Mining Operation

written by John Murphy | March 29, 2023

Cybersecurity firm Mandiant has “graduated” a newly named North Korean hacker group that launders stolen cryptocurrency to fund both state objectives and its own continued operations.

North Korean cybercriminal group APT43 is using cloud computing to launder cryptocurrency, according to a report from cybersecurity firm Mandiant. Researchers say the North Korean group is “using stolen crypto to mine clean crypto.”

Key Takeaways

  • Mandiant described the group as a “major player” that often collaborates with other North Korean groups.
  • APT43 steals and launders enough cryptocurrency to purchase its own operational infrastructure.
  • Researchers assess that North Korean groups likely use hash rental and cloud mining services to turn stolen cryptocurrency into clean cryptocurrency.
  • Hash rental and cloud mining are similar practices that involve renting cryptocurrency mining capacity; the mined coins carry no on-chain link to the funds used to pay for the rental.
  • Mandiant has identified the payment methods, aliases, and addresses the group uses for these purchases.

Mandiant, a subsidiary of Google, has been tracking the North Korean advanced persistent threat (APT) group since 2018 but only recently “graduated” it to an independently named group. Mandiant described the group as a “major player” that often collaborates with other groups.

Although its main activity is espionage against South Korea, Mandiant determined that APT43 is likely also tasked with financing the North Korean regime and sustaining its own operations through illicit activity. According to the report, the group has succeeded in these efforts:

“APT43 steals and launders enough cryptocurrency to purchase operational infrastructure in a manner consistent with the self-reliant ideology of the North Korean Juche state, thereby reducing the tax burden on the central government.” 

Researchers have found that North Korean groups “likely use hash rental and cloud mining services to launder stolen cryptocurrency into clean cryptocurrency.”

Hash rental and cloud mining are similar practices that involve renting cryptocurrency mining capacity from a commercial provider. According to Mandiant, they allow cryptocurrency to be “mined into a wallet of the purchaser’s choice, with no blockchain-based attribution to the purchaser’s original payment.” The reason is structural: newly mined coins are issued in a coinbase transaction that has no inputs, so the payout shares no transaction history with the stolen funds. Transaction-graph tracing that starts at the theft can follow the money as far as the payment to the rental provider, but it cannot connect that payment to the fresh coins that land in the purchaser’s wallet.
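To make the tracing gap concrete, the following is an added example (not code from Mandiant or the article) that models a toy UTXO ledger and runs two common blockchain-analysis operations over it: forward taint propagation from a theft transaction, and a backward walk from a cash-out transaction toward its origin. The ledger, transaction IDs, and addresses are constructed for illustration only.

```python
"""Toy UTXO taint tracer: why a hash-rental payout breaks on-chain attribution.

Constructed sample ledger (not real transactions). Each tx lists the outpoints
(txid, vout) it spends as inputs and (address, amount) pairs as outputs. A
coinbase transaction, which issues newly mined coins, has no inputs.
"""
from collections import deque

LEDGER = {
    # victim's prior history is out of scope, so this funding tx has no inputs
    "victim_deposit": {"inputs": [], "outputs": [("victim", 100.0)]},
    # the theft: victim's coins move to an attacker-controlled address
    "theft": {"inputs": [("victim_deposit", 0)], "outputs": [("attacker_a", 100.0)]},
    # on-chain payment to a hash-rental provider, with change back to the attacker
    "pay_rental": {"inputs": [("theft", 0)],
                   "outputs": [("rental_provider", 60.0), ("attacker_a", 40.0)]},
    # a conventional "peel": change moved to a fresh attacker address
    "peel": {"inputs": [("pay_rental", 1)], "outputs": [("attacker_b", 40.0)]},
    # the rented hash power mines a block; the reward goes to the purchaser's wallet
    "coinbase_1": {"inputs": [], "coinbase": True,
                   "outputs": [("attacker_fresh", 6.25)]},
    # the mined coins are then cashed out at an exchange
    "cashout": {"inputs": [("coinbase_1", 0)], "outputs": [("exchange_deposit", 6.25)]},
}


def build_spend_index(ledger):
    """Map every spent outpoint (txid, vout) to the txid that spends it."""
    index = {}
    for txid, tx in ledger.items():
        for outpoint in tx["inputs"]:
            index[outpoint] = txid
    return index


def forward_taint(ledger, seed_txids):
    """Propagate taint downstream: a tx that spends a tainted output is tainted.

    Returns (set of tainted txids, set of addresses that received tainted coins).
    """
    spend_index = build_spend_index(ledger)
    tainted, addresses = set(), set()
    queue = deque(seed_txids)
    while queue:
        txid = queue.popleft()
        if txid in tainted:
            continue
        tainted.add(txid)
        for vout, (addr, _amount) in enumerate(ledger[txid]["outputs"]):
            addresses.add(addr)
            spender = spend_index.get((txid, vout))
            if spender is not None and spender not in tainted:
                queue.append(spender)
    return tainted, addresses


def backward_trace(ledger, txid):
    """Walk a tx's inputs back toward their origin.

    Returns (txids visited in order, True if the walk reached a coinbase tx,
    i.e. the coins were newly issued and have no prior history to follow).
    """
    visited, seen, hit_coinbase = [], set(), False
    stack = [txid]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        visited.append(cur)
        tx = ledger[cur]
        if tx.get("coinbase"):
            hit_coinbase = True
        for prev_txid, _vout in tx["inputs"]:
            stack.append(prev_txid)
    return visited, hit_coinbase


if __name__ == "__main__":
    tainted_txs, tainted_addrs = forward_taint(LEDGER, ["theft"])
    print("tainted txs:      ", sorted(tainted_txs))
    print("tainted addresses:", sorted(tainted_addrs))
    path, ends_at_coinbase = backward_trace(LEDGER, "cashout")
    print("cashout origin:   ", path, "coinbase:", ends_at_coinbase)
    path, ends_at_coinbase = backward_trace(LEDGER, "peel")
    print("peel origin:      ", path, "coinbase:", ends_at_coinbase)
```

Forward taint from the theft reaches the rental provider and the peeled change address, but never `attacker_fresh` or the exchange deposit; walking backward from the cash-out stops at the coinbase transaction without ever touching the theft. Linking the two halves therefore depends on off-chain evidence, such as the provider’s customer records, payment accounts, and aliases, which is exactly the kind of data Mandiant reports having identified.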

Mandiant has identified the payment methods, aliases, and addresses the group uses for these purchases. Payment methods used by the group were PayPal, American Express cards, and “likely bitcoin from previous operations.” Card and PayPal payments leave no trail on any blockchain at all, which is why the provider-side aliases and payment accounts matter for attribution.

Additionally, APT43 used Android malware to collect credentials from people in China seeking cryptocurrency loans. The group also operates several spoofed websites to harvest credentials from its targets.

North Korea has been implicated in cryptocurrency heists, including the recent Euler exploit worth over $195 million. According to the United Nations, North Korean hackers stole a record amount in 2022, estimated at between $630 million and more than $1 billion. Chainalysis puts that figure at at least $1.7 billion.

Mandiant’s report thus describes a North Korean group that uses stolen cryptocurrency to mine more cryptocurrency through commercial cloud and hash-rental services. The group is known for carrying out several high-profile cyber attacks and is believed to operate under the direction of the North Korean government.

The report suggests that this method not only yields fresh coins but also helps the group hide its tracks: the mining is performed by legitimate providers, and the payout has no on-chain link to the stolen funds, which makes it harder for forensic investigators to trace the money back to the original theft.