The Democratic People’s Republic of Korea (DPRK) has sharpened its focus on cryptocurrency. It marks a significant shift in revenue generation strategies. Since 2017, DPRK’s threat actors have been actively targeting this industry to navigate stringent sanctions imposed on the country.
Privileged Access: A Gateway for Cyber Attacks
Despite North Korea’s tight control over its population’s movement and access to global information, a select group within the regime enjoys privileged access. Recorded Future, a cybersecurity firm, highlights this aspect. The elite class, consisting of highly trained computer science professionals, leverages new technologies and information. This exclusive group benefits from access to resources and sometimes international travel, providing them with the skills to execute sophisticated cyber attacks, particularly against the cryptocurrency industry.
The U.S. Treasury Department’s recent sanctions against Sinbad, a virtual currency mixer linked to North Korea’s Lazarus Group, spotlight the regime’s evolving tactics. Lazarus Group is known for using such platforms to launder proceeds from their illicit activities.
These threat actors are estimated to have stolen crypto assets worth $3 billion over the past six years, with $1.7 billion reportedly plundered in 2022 alone. The majority of these stolen funds are believed to fuel North Korea’s weapons of mass destruction (WMD) and ballistic missile programs.
North Korea’s Influence on the DeFi Hacking Trend
Chainalysis, in its 2023 Crypto Crime Report, points out that $1.1 billion of the total theft is due to hacks of DeFi protocols. That firmly places North Korea among the key drivers of the DeFi hacking trend that surged in 2022. The U.S. Department of Homeland Security (DHS) also highlighted the Lazarus Group’s exploitation of these protocols earlier this September.
DeFi exchange platforms offer an ideal environment for DPRK cyber actors to maneuver and make tracking more challenging.
Tactics Employed by DPRK Hackers
State-sponsored North Korean cyber actors are technologically advanced and adept at social engineering. They often target employees of online cryptocurrency exchanges with the lure of lucrative job offers. Once they engage their victims, these hackers distribute malware that provides remote access to the company’s network.
This access enables them to drain assets and transfer them to DPRK-controlled wallets. It illustrates a sophisticated blend of technological prowess and psychological manipulation.
For paid/sponsored articles, FintechMode neither endorses nor takes responsibility for the accuracy, timeliness, quality, and content of said articles. The statements, views and opinions expressed in paid/sponsored articles are solely those of the content provider and readers are reminded that Cryptocurrency products are unregulated in most locations and can be highly risky. Do your own research and consult relevant financial experts before making any investment decisions. FintechMode will not be held accountable, either directly or indirectly, for any harm or loss that may stem from or be linked to the usage or reliance on any information, goods, or services mentioned on this page. If you have any concerns, please email [email protected] or refer to our Terms & Conditions