Kostiantyn Kryvopust: New report reveals how North Korean hackers use cloud computing to launder cryptographic loot

North Korean hackers are hiring cloud mining services to launder their stolen cryptocurrencies amid a recent crackdown on crypto-mixing services. 

According to a report by Google-owned cybersecurity firm Mandiant, the Pyongyang-based hacking group APT43, also known as Kimsuky, is buying cloud mining services with its stolen funds to produce clean, unlinkable cryptocurrency, breaking the on-chain trail that law enforcement agencies could otherwise track.

“APT43 steals and launders enough cryptocurrency to purchase operational infrastructure in line with the North Korean Juche state’s ideology of self-sufficiency, thereby reducing financial pressure on the central government.”

Cloud mining services allow users to mine cryptocurrency, such as Bitcoin, using leased cloud computing power without installing or directly running hardware and related software. 

This eliminates the need for miners to purchase and install their own local mining rigs. 

Mandiant, which has been tracking this North Korean Advanced Persistent Threat (APT) group since 2018, described it as a “major player” that often cooperates with other groups.

However, the security firm noted that APT43 is more likely to carry out phishing attempts to finance its own operations, unlike other North Korean groups such as APT38, whose main task is likely raising funds for the regime.

“Related activities included identified payment methods, aliases and addresses used for purchases, and the alleged use of hash rental and cloud mining services to launder stolen cryptocurrency into pure cryptocurrency.”

Mandiant also noted that the group used multiple payment methods to purchase infrastructure and equipment, including PayPal, American Express cards and other services that could be used for future attacks. 

Specifically, the group uses the stolen funds to register domains that mimic popular search engines, web platforms, and cryptocurrency exchanges in order to collect credentials that can be used for future phishing attempts. 

According to the report, the group launched several identity-harvesting campaigns last year targeting academics, journalists, politicians, bloggers and others in the private sector, mainly in South Korea.

North Korean hackers are responsible for large-scale theft of cryptocurrencies

North Korean hacker groups account for a huge share of illegal cyber activity. State-sponsored hackers are also believed to be responsible for some of the biggest crypto thefts in history. 

Earlier this year, the White House said North Korean hackers had stolen more than $1 billion in cryptocurrencies over the past two years, adding that Pyongyang had used the funds to support its missile program.

The US government also said the North Korean hacking group Lazarus was responsible for the breach of Axie Infinity’s Ronin blockchain, in which hackers stole around $625 million worth of Ethereum and USDC.

However, North Korea has repeatedly denied that it is trying to steal cryptocurrency and has rejected the allegations against the Lazarus group, which was previously accused of masterminding the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attacks.
