UN report: Cyber attacks enrich North Korea's regime by billions of dollars

Teacher

North Korean hackers laugh at the sanctions, continuing to fill their pockets.

A UN panel of experts has released a new report investigating 58 cyberattacks carried out by hacker groups from North Korea over the past 6 years. According to experts, these attacks brought criminals about $3 billion in illegal income.

Experts have tracked in detail the activities of several well-known groups subordinate to the Main Intelligence Directorate of the DPRK (RGB). Among them are Kimsuky, Lazarus Group, Andariel and BlueNoroff — hackers who regularly appear in the reports of cybersecurity researchers.

According to the authors of the report, the main tasks of North Korean criminals are the theft of confidential data that is valuable for intelligence, as well as the illegal receipt of funds for the enrichment of the country. The stolen intellectual property helps Pyongyang improve its own technology, and can also be sold on the black market.

The attacks use a variety of methods, from classic phishing and exploiting vulnerabilities to complex social engineering schemes and attacks through third-party resources.

In 2023 alone, experts recorded 17 successful hacks of cryptocurrency exchanges and projects, as a result of which digital assets worth about $750 million were stolen. Among those affected are Terraport Finance, Merlin DEX, Atomic Wallet, Alphapo, CoinsPaid, Steadefi, Stake.com, CoinEx, Fantom Foundation, Poloniex, HTX, HECO Chain, and Orbit Chain.

The activities of North Korean criminals are not limited to this. They continue to target defense companies, software manufacturers, and supply chains around the world. The victims were organizations from Spain, the Netherlands, Poland, Russia and other countries. Numerous sanctions against the DPRK do not bring results.

The report cites hundreds of reports from dozens of research companies and firms that closely monitor the activities of North Korean government and military groups. Attacks on developers of radar systems, drones, military equipment, ships and weapons have been confirmed.

Experts highlighted the growing number of social engineering attacks. The attackers posed as recruiters on LinkedIn, Telegram, and WhatsApp, recruiting new victims among job seekers.

Among the attacked software vendors are JumpCloud, JetBrains, and CyberLink. The JumpCloud hack alone made it possible to withdraw about $147.5 million in cryptocurrency.

The report's authors draw attention to the growing coordination and exchange of infrastructure between various groups like Andariel, Kimsuky, BlueNoroff, ScarCruft and Lazarus. Formally, they belong to different departments of the DPRK, but in practice they are increasingly involved in joint operations.

There were also extortion campaigns. According to the study, the Andariel group stole $360,000 in bitcoin by infecting three companies with ransomware Trojans. And Lazarus Group collaborated with a South Korean ransomware distribution firm and raised about $2.6 million from more than 700 victims.

In conclusion, the UN experts recommend that countries strengthen the cybersecurity of financial institutions, introduce new sanctions against specific hacker groups from the DPRK and limit the ways of laundering illegal funds. According to data from Elliptic, the most popular mixer among intruders is Tornado Cash, through which more than $100 million of stolen crypto assets have already passed.
 