Elite North Korean hacking group exploits ‘crypto’ services to launder stolen currencies, strategic surveillance

Getting your Trinity Audio player ready...

Cybersecurity firm Mandiant has revealed that North Korea’s government is relying on hacking organizations to fund espionage activities.

APT43, a state-sponsored hacking syndicate, has been identified as a major player in North Korea’s espionage schemes by relying on strategic intelligence collection. Mandiant notes that APT43’s focus since 2018 revolves around nuclear intelligence, while their attacks on health verticals point toward Pyongyang’s shifting focus.

Despite the affiliations with the North Korean state, Mandiant’s report claims that APT43 operates with a measure of independence. The criminal syndicate regularly attacks digital asset wallets to raise funds for itself, unlike APT38, which sources funds for the government.

“The prevalence of financially-motivated activity among North Korean groups, even among those which have historically focused on cyber espionage, suggests a widespread mandate to self-fund and an expectation to sustain themselves without additional resourcing,” said Mandiant.

Mandiant claims APT43 uses stolen BTC to pay for cloud mining services to churn out “clean bitcoin” as a way to launder funds.

“For a fee, these hash rental and cloud mining services provide hash power, which is used to mine cryptocurrency to a wallet selected by the buyer without any blockchain-based association to the buyer’s original payments,” read the report.

APT43 was identified in a scheme involving a malicious Android application to steal applicants’ credentials, with Chinese citizens being the most hit.

For its primary objective of espionage, APT43 is keen to get its hands on information within the U.S. military and research developed by U.S.-based academia. The syndicate attempts to get its hand on the information by building rapport with victims by posing as journalists or think-tank analysts seeking harmless opinions.

North Korea – The bad wolf of ‘crypto’ street

Several studies have shown that North Korean hacking groups are responsible for the biggest digital asset heists in recent times. North Korean bad actors have stolen over $2 billion worth of digital assets, according to a 2019 report released by the United Nations. They notched their largest score in the 2022 Nomad Bridge hack.

Western economic sanctions are the primary motivator for the government’s interest in digital assets as they provide foreign exchange needed for developing nuclear weapons.

In response to the sporadic attacks, countries are now issuing sanctions on hacking groups and their members while educating citizens on the best ways to protect themselves from the bad actors.

Watch: Sentinel Node Blockchain Tools to Improve Cybersecurity