North Korean hackers are increasing their cyberattacks to steal millions of dollars and are relying on Russian partners to launder the stolen funds, according to experts in cryptocurrency.
The rise in cyberattacks and North Korea’s use of Russian infrastructure to transfer the stolen funds coincides with the growing cooperation between the two countries. North Korean leader Kim Jong Un recently visited Russian President Vladimir Putin and is expected to return to Pyongyang soon.
Blockchain analysts at Elliptic have detected escalating cyber operations by North Korean hackers in recent months. They reported that nearly $240 million worth of cryptocurrency was stolen by North Korea-sponsored hackers over a 104-day period that ended last Friday.
The stolen funds were traced to addresses used by the Lazarus Group, a North Korea-sponsored hacking group that was sanctioned by the US government in 2019, as confirmed by Elliptic’s analysts.
In August, the FBI warned cryptocurrency companies that it had tracked “hundreds of millions of dollars in cryptocurrency” stolen by the Lazarus Group, and that the hackers may attempt to cash out bitcoin worth over $40 million.
Private-sector analysts have also observed that North Korean hackers are increasingly seeking assistance from Russia. Cybersecurity firm Chainalysis reported that $21.9 million of stolen funds was recently transferred to a Russia-based exchange known for facilitating illicit transactions.
“This latest action marks a significant escalation in the partnership between the cyber underworlds of these two nations,” stated Chainalysis on its blog. “Not only does this reveal a strong alliance between North Korean and Russian cybercriminal actors, it also presents challenges for global authorities.”
Although the $21.9 million transfer is significant, Chainalysis estimates that North Korean hacking groups have stolen more than $340 million worth of cryptocurrency so far this year and stole over $1.65 billion last year.
While it is easier to trace the digital footprints of these cyber thieves’ past actions, apprehending them in the act is much more challenging.
The Biden administration is fully aware of North Korean hacking operations and is taking action to combat these state-sponsored hackers. Top White House cyber official Anne Neuberger stated in May that her team estimated that half of North Korea’s missile program is funded through cryptocurrency theft and cyberattacks. The Treasury Department is actively tracking the funding, while the Departments of Defense and State are working on identifying North Korean hackers.
North Korea’s cyber operations have become increasingly sophisticated and are not limited to monetary theft. They also target sensitive networks to steal valuable information.
In June, The Washington Times reported a North Korean hacking campaign that targeted high-level US intelligence officials, media executives, and national security scholars. Instead of destroying the breached computer networks, the North Korean hackers prioritize cyber espionage, according to cyber intelligence firm Recorded Future.
A June report by Recorded Future revealed that over 70% of cyberattacks attributed to North Korea since 2009 were conducted to collect information, including for the development of nuclear and ballistic missile technology and to fund the regime.
• This article is based in part on wire service reports.