North Korean crypto hackers pose as VC firms to target banks
- North Korea’s notorious Lazarus Group impersonates venture capital firms and banks to steal cryptocurrencies, according to Kaspersky.
- The state-backed cybercrime group creates domains posing as well-known Japanese, American and Vietnamese companies.
- The FBI attributed the $625 million hack of Axie Infinity's Ronin bridge to Lazarus in April.
North Korea’s notorious Lazarus Group is impersonating venture capital firms and banks to steal cryptocurrency, according to a report by cybersecurity firm Kaspersky.
The state-backed cybercrime group, which the FBI in April named as responsible for the $625 million hack of Axie Infinity's Ronin bridge, creates domains posing as well-known Japanese, American and Vietnamese companies.
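Impersonation domains of the kind described above are usually small edits of the real name: a swapped top-level domain, a digit standing in for a letter, a one-character typo, or the brand name with an extra word bolted on. The script below is an added example, not Kaspersky's or the article's code, showing how a defender can screen newly registered or newly seen domains against a list of brands they care about. The brand and candidate domains are constructed placeholders, not domains from the report.

```python
"""Flag lookalike domains against a list of brand domains.

Added example: not Kaspersky's or the article's code. The brand and
candidate domains below are constructed placeholders, not domains from
the report.
"""

# Character substitutions commonly used in impersonation domains.
# Two-character sequences are replaced first so "rn" -> "m" wins over "n".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Constructed placeholders: the brands to protect and a feed of observed domains.
BRANDS = ["examplevc.com", "examplebank.jp"]
CANDIDATES = [
    "examp1evc.com",                # digit 1 standing in for the letter l
    "examplevc.co",                 # same name, different TLD
    "login.examplevc-capital.com",  # brand name plus an extra token
    "exampleevc.com",               # one-character typo
    "mail.examplevc.com",           # the brand's own subdomain, must not be flagged
    "unrelated.org",                # nothing to do with either brand
]


def normalize(label):
    """Lower-case a label and collapse homoglyphs to the letters they mimic."""
    label = label.lower()
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def split_domain(domain):
    """Return (second-level label, tld) for a domain.

    Multi-part public suffixes such as co.uk are not handled here; a real
    deployment would split on the Public Suffix List instead.
    """
    parts = domain.lower().strip().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, brands):
    """Return (matched brand, reason) if candidate imitates a brand, else None."""
    c_label, c_tld = split_domain(candidate)
    parsed = [(b, *split_domain(b)) for b in brands]
    if any((c_label, c_tld) == (b_label, b_tld) for _, b_label, b_tld in parsed):
        return None  # the brand's own domain or one of its subdomains
    c_norm = normalize(c_label)
    for brand, b_label, b_tld in parsed:
        b_norm = normalize(b_label)
        if c_norm == b_norm:
            if c_tld != b_tld:
                return brand, "tld-swap"
            if c_label != b_label:
                return brand, "homoglyph"
        if levenshtein(c_norm, b_norm) == 1:
            return brand, "typo"
        if b_norm in c_norm:
            return brand, "brand-plus-token"
    return None


def scan(candidates, brands):
    """Return [(candidate, brand, reason)] for every flagged candidate."""
    hits = []
    for candidate in candidates:
        result = classify(candidate, brands)
        if result:
            hits.append((candidate, *result))
    return hits


if __name__ == "__main__":
    for candidate, brand, reason in scan(CANDIDATES, BRANDS):
        print(f"{candidate:32} looks like {brand:18} ({reason})")
```

The checks are deliberately conservative: an exact match or a subdomain of a brand is never flagged, and the containment rule fires only after the edit-distance rule, so a one-letter typo is reported as such rather than as an extra-token domain. Feed it certificate-transparency logs or proxy logs and review the hits by hand; the false-positive rate depends on how generic the brand names are.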
Kaspersky said Lazarus’ BlueNoroff subgroup has adopted new malware delivery methods that sidestep Mark-of-the-Web, the Windows flag that triggers a security warning when a downloaded file is opened, by shipping payloads inside disk-image files such as .iso and .vhd. Once running on a victim’s machine, the malware can “intercept large cryptocurrency transfers, change the recipient’s address and push the transfer amount to the limit, essentially draining the account in a single transaction.”
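The attack Kaspersky describes works because the compromised workstation is both where the operator reviews a transfer and where the transaction is assembled, so the implant can rewrite the recipient and the amount after the operator has approved them. The practical defence is to enforce policy on a signer the workstation cannot tamper with and to compare what arrives for signing against what the operator confirmed on a second channel. The code below is an added example, not Kaspersky's or the article's code; it assumes a separate signing service that receives both the requested transaction and the operator's out-of-band confirmation (for instance from a hardware wallet screen), and the addresses, limits and balance are constructed placeholders.

```python
"""Out-of-band policy check for outgoing crypto transfers.

Added example, not Kaspersky's or the article's code. It assumes a signing
service that is separate from the operator's workstation and that receives
both the requested transfer and what the operator confirmed on a second
channel. Addresses, limits and the balance are constructed placeholders.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Transfer:
    recipient: str
    amount: Decimal


@dataclass
class Policy:
    allowlist: frozenset                    # recipients approved out of band
    per_tx_limit: Decimal                   # hard cap on a single transfer
    daily_limit: Decimal                    # cap on the total sent in a day
    drain_ratio: Decimal = Decimal("0.9")   # flag transfers that empty the account


def check_transfer(requested, approved, balance, sent_today, policy):
    """Return (allowed, reasons) for a transfer the signer is asked to sign.

    requested is the transaction as it arrived from the workstation; approved
    is what the operator confirmed on the second channel. An implant that
    rewrites the recipient or pushes the amount to the limit after the
    operator saw the transfer produces a mismatch between the two, and the
    remaining rules catch the drain even if the confirmation path is absent.
    """
    reasons = []
    if requested != approved:
        reasons.append("request differs from what the operator confirmed out of band")
    if requested.recipient not in policy.allowlist:
        reasons.append("recipient is not on the allowlist")
    if requested.amount <= 0:
        reasons.append("amount must be positive")
    if requested.amount > policy.per_tx_limit:
        reasons.append("amount exceeds the per-transaction limit")
    if sent_today + requested.amount > policy.daily_limit:
        reasons.append("amount exceeds the remaining daily limit")
    if requested.amount >= balance * policy.drain_ratio:
        reasons.append("transfer would drain the account")
    return (not reasons, reasons)


# Constructed placeholders for the scenario in the report.
POLICY = Policy(
    allowlist=frozenset({"0xA11CE0000000000000000000000000000000000", "0xB0B00000000000000000000000000000000000"}),
    per_tx_limit=Decimal("100"),
    daily_limit=Decimal("250"),
)
BALANCE = Decimal("1000")
APPROVED = Transfer("0xA11CE0000000000000000000000000000000000", Decimal("50"))
# What a workstation implant would submit after the operator approved APPROVED.
TAMPERED = Transfer("0xBAD000000000000000000000000000000000000", BALANCE)


if __name__ == "__main__":
    for label, requested in (("operator-approved", APPROVED), ("tampered", TAMPERED)):
        ok, reasons = check_transfer(requested, APPROVED, BALANCE, Decimal("0"), POLICY)
        print(f"{label}: {'sign' if ok else 'refuse'} {reasons}")
```

The mismatch rule only helps if the confirmation channel is something the workstation implant cannot reach, such as the display on a hardware signer or a separate approver's device. The limit and drain rules are the fallback for the case where the operator confirms a tampered transaction without noticing.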
While BlueNoroff has been quiet for most of the year, Kaspersky researchers said there has been a recent increase in activity. The FBI flagged the North Korean group in an alert in April.
Kaspersky’s chief security researcher said in a statement that 2023 will be characterized by cyber attacks of unprecedented strength, and companies must work hard to strengthen security measures.
Hackers will become increasingly sophisticated
Ari Redbord, head of legal and government affairs at blockchain analytics firm TRM Labs, estimated that North Korea was responsible for more than $1 billion of the record $3.7 billion stolen by crypto hackers worldwide over the past year.
“When you’re talking about billions of dollars and North Korea, you’re talking about a country with no GDP, so they’ve essentially created an economy that launders cryptocurrency, and we know that those funds are not going to finance a lifestyle,” Redbord told Insider. “They will be used for nuclear proliferation or ballistic missile systems. By 2022, these hacks went from being a law enforcement issue to being a national security issue.”
In his view, 2022 was the year of the hack. While FTX’s crash and the so-called crypto winter dominated the headlines, the more urgent story was that crypto businesses were being attacked at an “alarming speed and scale.”
Over the past few months, hackers have posed as job recruiters and targeted specific individuals who had access to private keys. They have also used initial token offerings and social media to launch attacks, Redbord added.
He said North Korean cryptohackers look for two key characteristics in targets: a high volume of liquidity and vulnerable cyber defenses. Due to the nascent nature of the space, crypto companies exemplify both.
“The tactics North Korea is engaging in are becoming more sophisticated,” Redbord said. “There is a feeling out there that ‘phishing’ means casting a wide net, but the reality is that these are extremely targeted, highly sophisticated activities.”