The North Korean threat group APT43 has started using cloud mining providers to launder stolen cryptocurrency.
According to researchers from Mandiant, the hackers rent computing power from data centers to mine cryptocurrencies, paying for the service with stolen cryptocurrency and then exchanging the mined Bitcoin, which carries no transaction history.
Mandiant also noted that the attackers use “dirty” cryptocurrency to pay hosting providers like Namecheap. The scale of the scheme remains unclear, but analysts believe that APT43 is using such schemes to sustain itself rather than to sponsor the North Korean regime.
The methods used to launder cryptocurrency stolen by North Korean groups vary case by case. For example, in 2020, the Lazarus Group, a group controlled by the North Korean regime, laundered stolen cryptocurrency through Chinese intermediaries in the US, who bought Apple iTunes gift cards with “dirty” cryptocurrency on some exchanges and used them to purchase clean bitcoin.
The Official Research
PeckShield, a company that specializes in cybersecurity, has reported that North Korean hackers may be using the Chinese exchange MEXC to launder cryptocurrency stolen in the Gate.io hack. Despite these claims, neither Gate.io nor MEXC has responded to reports of malicious activity linked to North Korea.
According to the United Nations, North Korean intelligence was behind the majority of cyberattacks related to cryptocurrency in 2022. The UN also identified several hacking groups, including Kimsuky, Lazarus Group, and Andariel, which were reportedly under the control of North Korean intelligence.
Further UN sanctions against North Korea were put forward by the United States in 2022, along with a proposal to freeze the assets of the Lazarus Group. The move, however, was blocked by China and Russia, preventing the imposition of the penalties.
The Potential Danger
According to analysts from Chainalysis, North Korean attackers were able to steal cryptocurrencies valued at $1.7 billion in 2022. Considering that North Korea’s total export earnings for 2020 were only $142 million, this sum is astounding.
The stolen funds can be used to finance North Korea’s nuclear weapons program and other illegal activities. It is crucial for the international community to address and prevent such cyberattacks and money laundering schemes.