Hackers backed by North Korea have stolen billions of dollars in crypto over the last five years.
The dictatorship has been looking for ways to decrease the impact of the sanctions imposed by Western nations, and stealing crypto has proven to be an effective way to get funds. The Wall Street Journal first reported the story and said that approximately half of the country’s ballistic missile program is funded with stolen crypto assets.
The hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including companies and wealthy people.
Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cybercriminal would then share an infected file with the unsuspecting company employee. The malicious code would then serve as a backdoor for the hackers to get into the targeted company’s network and launch an attack on the enterprise. This was the case in the famous 2021 Axie Infinity hack, which allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
Sometimes the cybercriminals would apply for a job, use Westerners to help them navigate the interview process, and then look for possible ways to exploit the system or even create security loopholes themselves. The work-from-home revolution has not made things easier for IT staff either, as working from home presents many security challenges. The North Korean hackers also sometimes pretended to be government officials.
North Korea has always been very vocal against the US and some of the nuclear-armed nations considered allies of the US. With this in mind, most of the stolen crypto supposedly comes from Western countries, such as the USA and Canada, and from other countries North Korea considers unfriendly, such as Japan.
It is not confirmed whether all the stolen crypto is delivered by Lazarus Group (also known as APT38), North Korea’s most famous hacking group. Still, the criminal organization backed by the North Koreans likely continues to be hugely involved in the attacks on US entities, even though the US Treasury’s OFAC included Lazarus on its naughty list of North Korea sanctions.
North Korea has always been firm in defense, and stealing crypto has proven to be a sweet spot allowing the dictatorship to fund its endeavors, such as developing the country’s weapons of mass destruction program.