Analysts claim that North Korean hackers are illicitly acquiring large sums of money and subsequently collaborating with Russians to conceal the origins of these funds.
Cryptocurrency analysts reveal that North Korean hackers are intensifying their cyberattacks to pilfer substantial amounts of money and are relying on Russian collaborators to launder the stolen funds.
The observations of the escalating hacks and North Korea’s use of Russian infrastructure to move the stolen funds come amid growing cooperation between the two countries. North Korean leader Kim Jong Un visited Russian President Vladimir Putin last week and was expected to return to Pyongyang on Monday.
Cryptocurrency analysts have detected North Korean hackers’ escalating operations in recent months. Elliptic’s blockchain analysts said they identified North Korea-sponsored hackers stealing nearly $240 million worth of cryptocurrency during a 104-day period that ended Friday.
Elliptic’s analysts studying digital currency ledgers said on their blog that they tracked the stolen funds moving through addresses used by the Lazarus Group, which is a North Korean-sponsored hacking group sanctioned by the U.S. government in 2019.
In August, the FBI issued a warning to cryptocurrency companies, stating that they had traced the theft of “hundreds of millions of dollars in cryptocurrency” to the Lazarus Group. The FBI also expressed concerns that the hackers might soon try to convert bitcoin valued at over $40 million into cash.
Private analysts from the private sector who are also monitoring the stolen cryptocurrency have noticed a growing trend of North Korean hackers seeking help from Russia.
On Thursday, cybersecurity company Chainalysis revealed that a sum of $21.9 million, which had been stolen, was recently moved to a Russian exchange that is notorious for enabling illegal transactions.
Chainalysis stated on its blog that this recent move represents a major increase in collaboration between the cyber criminal communities of North Korea and Russia. This discovery not only indicates a strong alliance between the two nations’ cyber criminals, but it also poses difficulties for international authorities.
While the $21.9 million transfer does not represent chump change, Chainalysis estimates North Korean hacking groups have stolen more than $340 million worth of cryptocurrency thus far this year and more than $1.65 billion last year.
Finding the historical actions of the cyber criminals through their digital fingerprints has been simpler compared to apprehending them in the act.
The Biden administration is well aware of the North Korean hacking operations and is working to combat the state-sponsored hackers. Top White House cyber official Anne Neuberger said in May that her team estimated half of North Korea’s missile program is funded via cryptocurrency heists and cyberattacks.
At a Center for Strategic and International Studies event, she mentioned that the Treasury Department was actively monitoring the funding, while the Departments of Defense and State were engaged in the task of identifying hackers from North Korea.
North Korea’s cyber activities have advanced beyond mere financial theft, encompassing the infiltration of secure networks and the illicit acquisition of sensitive data.
In June, The Washington Times reported that individuals targeted in a hacking campaign by North Korea included high-ranking current and former U.S. intelligence officials, media executives, and national security scholars.
According to cyber intelligence firm Recorded Future, instead of causing damage to the computer networks they infiltrate, the North Korean hackers prioritize engaging in cyber espionage.
Recorded Future stated in a report released in June that over 70% of cyberattacks linked to North Korea since 2009 were carried out with the intention of gathering information. This information gathering aimed at advancing their nuclear and ballistic missile technology and enhancing the regime’s financial resources.
This article partially relies on reports from wire services.