North Korean hackers use stolen crypto to mine more crypto via cloud services: Report
North Korean cybercrime operator APT43 is using cloud computing to launder cryptocurrency, according to a report by cybersecurity firm Mandiant. According to the researchers, the North Korean group “uses stolen crypto to mine for pure crypto.”
Mandiant, a Google subsidiary, has been tracking the North Korean Advanced Persistent Threat (APT) group since 2018, but has only now “graded” the group to an independent identity. Mandiant characterized the group as a “major player” that often cooperated with other groups.
Although its main activity was spying on South Korea, Mandiant found that APT43 was likely engaged in raising funds for the North Korean regime and financing itself through its illegal operations. Apparently, the group has been successful in these endeavors:
“APT43 steals and launders enough cryptocurrency to purchase operational infrastructure in a way that aligns with North Korea’s juche state ideology of self-reliance, therefore reducing the fiscal burden on the central government.”
The researchers discovered the North Korean group’s “probable use of hash rental and cloud mining services to launder stolen cryptocurrency into pure cryptocurrency.”
Hash rental and cloud mining are similar practices that involve renting crypto mining capacity. According to Mandiant, they make it possible to mine crypto “to a wallet chosen by the buyer without any blockchain-based connection to the buyer’s original payments.”
Mandiant identified payment methods, aliases and addresses the group used for purchases. The payment methods were PayPal, American Express cards and “Bitcoin likely derived from previous operations.”
In addition, APT43 was involved in the use of Android malware to harvest credentials from people in China looking for cryptocurrency loans. The group also operates several fake websites for targeted credential collection.
North Korea has been involved in a number of crypto heists, including the recent Euler exploit of over $195 million. According to the UN, North Korean hackers had a record haul of between $630 million and more than $1 billion in 2022. Chainalysis put this figure at a minimum of $1.7 billion.