North Korean Hackers Stole $2 Billion

United Nations Reports that North Korea Hacks Banks and Cryptocurrencies to Fund Initiatives

A leaked report from the United Nations (UN) stated that the Democratic People’s Republic of Korea (DPRK) deploys state-sponsored hackers who have netted an estimated $2 billion from financial institutions and cryptocurrency exchanges in just three years. DPRK’s intelligence arm, the Reconnaissance General Bureau (GRU), has focused its Lazarus hacking group’s skills on stealing money for North Korea.

The UN report states that North Korea is hacking banks and cryptocurrency exchanges to illegally raise money for a weapons program in violation of sanctions. It notes that North Korea’s technology skills have increased and confirms that financial gain is one of its primary goals. North Korean hackers targeted financial institutions and cryptocurrency exchanges in seventeen different countries. See the full UN report here.

North Korea’s Lazarus hackers focus on the theft of currency from real-world banks or cryptocurrencies from online exchanges. North Korea’s state-sponsored hackers are responsible for $81 million stolen from the Central Bank of Bangladesh. At least another $571 million was stolen from five cryptocurrency exchanges: Yapizon, Coinis, YouBit, South Korean exchange Bithumb, and Coincheck. The exchanges are a favorite target because they are harder to trace.

Financial gain remains one of the main goals for Lazarus. The experts said North Korea “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.”

APT38 – Advanced Persistent Threat Group

One of North Korea’s state-sponsored hacking groups, Lazarus Group, has been operating since 2009. Lazarus is an Advanced Persistent Threat Group, or APT38. Lazarus typically breaches financial institutions to steal money for North Korean initiatives. APT38 has infiltrated the IT networks of over sixteen organizations in eleven countries. The hacking group is associated with the 2017 WannaCry ransomware cyber attack, the 2014 Sony Pictures hack, and the 2016 SWIFT Banking cyber attack.

An Advanced Persistent Threat Group, or APT Group, is an advanced hacking organization with a level of skill that warrants monitoring. Some, but not all, APT groups are state-sponsored. They are often given other names by cyber security researchers. For example, Chinese state-sponsored groups tend to be named after Panda Bears and Iranian hackers are named after Persian Cats. An APT group can have multiple names, as the names are informal. The hacking groups are given other names so as not to directly offend a sponsoring government in reports.

APT hacking groups typically use a low and slow approach to hacking. Their cyber attacks may go undetected for years. These advanced hacking groups are after technology, conduct espionage, and steal money.

Hacking for Money

Cryptocurrencies are targeted by hackers because they are not as easy to track and are subject to less government oversight. Tokyo-based Remixpoint, which runs the BITPoint exchange, lost 3.5 billion yen. In 2017, state-sponsored hackers launched a spear phishing attack against a London cryptocurrency firm as well as a low and slow cryptocurrency mining operation. In 2018, over £31m was heisted from South Korean exchange Bithumb.

A Panel of Experts to the United Nations Security Council cited a series of cyber attacks in 2018. Hackers stole tens of millions of dollars from banks and transferred the money to accounts in 30 different countries and Hong Kong. Funds were quickly withdrawn in thousands of transactions.