NKNews was given access to the report from a UN panel of experts that details how hackers working for the North Korean regime have been stealing various privacy-focused cryptocurrencies in order to bypass sanctions. This follows an in-depth piece published by The Telegraph two weeks ago alleging similar tactics.
The monetary value stolen by hackers is estimated to be as high as $2bln, with the ill-gotten gains used to disguise illicit transactions or launder stolen fiat and cryptocurrency through various altcoin swaps.
Been ongoing for years
The United Nations Security Council has suspected North Korea of using the same modus operandi since August 2019, as was outlined in a report published that month. The various findings were compiled from investigations carried out by member states of the UN:
“The increasing scope and sophistication of cyberattacks by the Democratic People’s Republic of Korea to steal funds from financial institutions and cryptocurrency exchanges also allows the country to evade financial sanctions and generate income in ways that are harder to trace and subject to less government oversight and regulation.”
The report alleges that hackers would steal cryptocurrency from individual users and exchanges, while various mining operations were being used to obtain cryptocurrency as well.
The report even alleges that North Korean hackers were responsible for four separate attacks on well-known South Korean exchange Bithumb, leading to the theft of around $65mln worth of cryptocurrency.
Cryptojacking, ransomware also used
The 2019 report also details how hackers used cryptojacking software to hijack infected computers to mine various cryptocurrencies.
The gains from the illicit programs and their mining were then sent to servers located at Kim Il Sung University in Pyongyang. Another instance saw malware installed on computers of a company in South Korea, which secretly mined privacy-focused cryptocurrency Monero on the infected systems.
Hackers also used ransomware to extort companies, demanding payment in various cryptocurrencies.
Some reports claim that the cryptojacking malware has netted the North Korean regime $670 million worth of cryptocurrency.
Kaspersky links Lazarus to North Korea
The VHD ransomware attack requires victims to pay the hacking group in Monero. Kaspersky believes the VHD ransomware belongs to Lazarus because it uses part of an instance of Mata, a multiplatform framework used by the cybercrime group.