A global cybersecurity firm reports that the North Korean regime is filling its coffers with cash from state-sponsored hacking groups conducting crypto thefts.
Mandiant, the Virginia-based company with global offices that works with law enforcement to fight cybercrime, recently wrote on its blog that the isolated country had shifted its focus from looting COVID-19 vaccine research to stealing digital assets.
According to the blog, the nation is targeting financial institutions (FIs) and crypto companies.
“Over time, we saw this organization shift from purely COVID-19 efforts to defectors, defense and government, bloggers, media, cryptocurrency services and financial institutions,” Mandiant wrote.
North Korea is likely using the stolen money to fund vaccines and weapons, and to circumvent sanctions imposed on it by countries around the world.
“The information gathered in these campaigns may be used to develop or produce internal articles and strategies, such as vaccines, sanctions evasion measures, funding of the country’s weapons programs, and so on,” Mandiant said.
The country supports the Lazarus Group, a cybercrime group made up of an unknown number of people and run by the North Korean government, the blog said.
The Reconnaissance General Bureau (RGB), North Korea’s foreign intelligence agency in charge of covert operations, is responsible for the country’s criminal cyber operations, including espionage, destructive operations and financial crimes, the report said.
According to a report by Chainalysis, North Korean hackers have stolen nearly $400 million worth of cryptocurrencies in at least seven cyberattacks targeting investment firms and centralized exchanges. In 2017, Bitcoin accounted for almost all of the cryptocurrency stolen by North Korean hackers.
The hackers used phishing lures, code exploits, malware, and advanced social engineering to funnel funds from internet-connected “hot” wallets to addresses controlled by the Democratic People’s Republic of Korea (DPRK). The funds were then laundered and cashed out.