
UN report: How North Korea is using cybercrime to make more money than ever before

North Korean hackers used sophisticated methods to capture crypto-money. So-called "peel chains" and crypto mixers are used for concealment. This has also brought the regime to the attention of the United Nations. North Korea also uses sophisticated cyber techniques to steal information of potential value for its weapons programmes.

Fast money making is what attracts cyber gangsters the most. They avoid protracted attacks with unknown outcomes. Attacks that pay off directly in cash are preferred. Ransomware and the theft of cryptocurrencies are therefore at the top of the popularity scale. A fairly insignificant country is turning this to its advantage.

Using sophisticated techniques, North Korea's state hackers are capturing cryptocurrency and ransomware proceeds for the benefit of the country's leader. Meanwhile, this has also come to the attention of the United Nations, as an internal report reveals.

German television ZDF recently reported: "According to the United Nations, North Korea made more money last year from cybercrime than ever before." North Korea is said to have made up to two billion US dollars from it in 2022 alone. The focus is on cryptocurrencies such as Bitcoin or Ethereum. Last year, about as much in crypto assets was generated as in the previous years combined. This shows "that 2022 was a record year for theft of virtual assets in North Korea", according to a previously unpublished UN expert report recently reviewed by press and news agencies. For the small country, cybercrime is a way to raise much-needed foreign currency.

North Korea "used increasingly sophisticated cyber techniques to gain access to digital networks involved in cyber financing and to steal information of potential value, including for its weapons programmes", independent sanctions monitors told a UN Security Council committee.


Money laundering with cryptocurrency

The United States accuses North Korean hackers of stealing cryptocurrencies worth more than 600 million US dollars in connection with the online game "Axie Infinity" alone. To do so, they used a blockchain network that allows users to transfer cryptocurrency in and out of the game.

The online magazine ArsTechnica explains: "Stolen funds are 'laundered' by funnelling them through a series of decentralised exchanges and so-called 'crypto-mixers'. Crypto-mixers are software tools that can mix the crypto holdings of different users and thus disguise their origin. To avoid bundled large deposits triggering alerts to crypto exchanges, the criminals use a so-called "peel chain". Put simply, this is a long chain of addresses from which small amounts of digital currency are peeled out with each transfer. According to a 2020 indictment by the US Treasury Department, two Chinese nationals, acting on behalf of North Korean hackers, successfully transferred $67 million worth of bitcoin using this method, which involved 146 separate transactions. So cryptocurrencies also offer a new way of money laundering.
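The peel-chain pattern described above can be recognised from the analyst's side by following the large remainder output from hop to hop. The following is an added example, not part of the original article: the ledger is constructed sample data in a simplified one-input, two-output model, and the names and thresholds (`max_peel_ratio`, `min_hops`) are assumptions chosen for illustration.

```python
from typing import NamedTuple

class Tx(NamedTuple):
    src: str                   # address being spent
    outputs: dict[str, float]  # destination address -> amount

# Constructed sample ledger (not real blockchain data).
LEDGER = [
    Tx("hop0", {"cashout_a": 2.0, "hop1": 98.0}),
    Tx("hop1", {"cashout_b": 1.5, "hop2": 96.5}),
    Tx("hop2", {"hop3": 94.0, "cashout_c": 2.5}),
    Tx("hop3", {"cashout_d": 3.0, "hop4": 91.0}),
    Tx("hop4", {"merchant": 45.0, "other": 46.0}),      # balanced split: chain ends
    Tx("shop", {"supplier": 4.0, "shop_change": 6.0}),  # ordinary payment
]

def trace_peel_chain(ledger, start, max_peel_ratio=0.10):
    """Follow the large remainder output hop by hop.

    Returns (peels, last_address): the small outputs split off at each hop
    and the address where the pattern stops.
    """
    spends = {tx.src: tx for tx in ledger}
    peels, current, seen = [], start, set()
    while current in spends and current not in seen:
        seen.add(current)  # guard against cycles in the graph
        outs = spends[current].outputs
        if len(outs) != 2:
            break
        (small_addr, small), (big_addr, big) = sorted(
            outs.items(), key=lambda kv: kv[1])
        # A peel is a small slice of the total; a balanced split is not.
        if small > max_peel_ratio * (small + big):
            break
        peels.append((small_addr, small))
        current = big_addr
    return peels, current

def is_peel_chain(ledger, start, min_hops=3, max_peel_ratio=0.10):
    """Flag a start address whose funds move through at least min_hops peels."""
    peels, _ = trace_peel_chain(ledger, start, max_peel_ratio)
    return len(peels) >= min_hops
```
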

According to a South Korea-based cybersecurity expert, the Axie Infinity hack shows how North Korean hackers can now "exploit new vulnerabilities in the latest blockchain technologies almost as quickly as they emerge".

 

Old acquaintances

Most cyberattacks are carried out by groups controlled by North Korea's main intelligence agency, the Reconnaissance General Bureau (RGB). These groups include teams such as the Lazarus Group, Kimsuky, APT38 or Andariel. For example, the so-called Unit 180 is responsible for "conducting cyber operations to steal foreign funds outside North Korea". The elite cyber unit is the grouping known as Office-121, whose members are among the highest paid in the country. The core team is said to consist of over 1800 people. The affiliation to the individual groups as well as the number of people involved are kept top secret. According to analyses by a Harvard scientist in the US magazine New Yorker, a significant number of the individuals operate outside North Korea, more precisely from other Asian countries. As a rule, however, the actors use virtual private networks (VPNs) to access the internet from outside the country and thus disguise their location. North Korean hackers never attack facilities in China or Russia.

However, the UN report also highlights that the groups spread malware through various methods, including phishing. One of these campaigns targeted employees of organisations and financial institutions in various countries. "Initial contact with individuals was made via LinkedIn, and once a relationship of trust was established with the targeted individuals, malicious content was transmitted in communications that continued via WhatsApp," the UN report says, according to press reports.

The aforementioned Harvard University cybersecurity researcher believes that North Korean cybercriminals have now developed a faster operational speed. They have managed to routinely carry out attacks on smaller financial institutions without much hassle and burden.

Author: Uwe Sievers
