North Korean state-backed hacking teams have stolen over $659 million value of cryptocurrency in a number of crypto-heists, in line with a joint assertion issued by america, South Korea, and Japan on Tuesday.
The announcement additionally warns that menace teams linked to the Democratic Individuals’s Republic of Korea (DPRK) are nonetheless actively concentrating on blockchain know-how trade corporations.
“As recently as September 2024, the United States government observed aggressive targeting of the cryptocurrency industry by the DPRK with well-disguised social engineering attacks that ultimately deploy malware, such as TraderTraitor, AppleJeus and others. The Republic of Korea and Japan have observed similar trends and tactics used by the DPRK,” the joint assertion warns.
“The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system.”
It additionally formally confirmed that North Korean attackers have been behind the July 2024 breach of WazirX, India’s largest Bitcoin alternate, which resulted in a $235 million loss.
North Korea was additionally linked to a number of different cryptocurrency heists disclosed final 12 months, together with DMM Bitcoin ($308 million), Upbit ($50 million), Rain Administration ($16.13 million), and Radiant Capital ($50 million).
Nevertheless, blockchain evaluation firm Chainalysis painted a extra dire image in a December report, saying North Korean hackers stole $1.34 billion value of cryptocurrency in 47 cyberattacks final 12 months, breaking their earlier report of $1.1 billion from 2022.
“In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen,” Chainalysis stated.
North Korea’s military of IT employees
In recent times and all through 2024, United States, South Korean, and Japanese authorities businesses have additionally revealed alerts relating to North Koreans tricking personal corporations into hiring them as distant IT employees.
These North Korean IT employees, who discuss with themselves as “IT warriors,” are impersonating U.S.-based IT employees by connecting to enterprise networks through U.S.-based laptop computer farms, one thing that the FBI has warned for years.
Because it repeatedly cautioned, North Korea maintains a massive military of IT employees who’ve been educated to hide their true identities to safe employment at lots of of corporations throughout america and worldwide.
For example, cybersecurity firm KnowBe4 has not too long ago employed a North Korean malicious actor as a Principal Software program Engineer after he handed background checks, verified references, and 4 video interviews with the assistance of a stolen id and AI instruments. Nevertheless, as soon as employed, the “IT warrior” instantly tried to put in information-stealing malware on company-provided units.
After being found and fired, a few of these North Korean IT employees have additionally used insider data and their coding abilities to extort their former employers below the specter of leaking stolen delicate data on-line.
The U.S. State Division now gives as much as $5 million for data that would assist disrupt the actions of North Korean entrance corporations Yanbian Silverstar and Volasys Silverstar (and their staff). Over the past six years, these corporations have generated over $88 million in unlawful distant IT work schemes.
“The United States, Japan, and the Republic of Korea advise private sector entities, particularly in blockchain and freelance work industries, to thoroughly review these advisories and announcements to better inform cyber threat mitigation measures and mitigate the risk of inadvertently hiring DPRK IT workers,” the United States, South Korea, and Japan added in at the moment’s joint assertion.
