Threat actors linked to the Democratic People’s Republic of Korea (DPRK) are increasingly turning to the cryptocurrency sector to generate revenue, effectively evading sanctions since 2017.
Despite strict controls on movement within the isolated country, North Korea’s ruling elite has special access to new technology and information.
This access allows them to prepare cyberattacks against the cryptocurrency industry alongside experienced computer science experts.
State-sponsored Lazarus crypto heist
Screenshot taken from Recorded Future
Lazarus attacked Sony Pictures in 2014 and launched a cyberattack on the Central Bank of Bangladesh in 2016, resulting in the theft of $81 million.
In May 2017, Lazarus distributed the WannaCry ransomware, encrypting victims’ files and demanding a Bitcoin ransom ranging from $300 to $600 in exchange for data decryption.
Several months after the attack, the attackers reportedly withdrew approximately $150,000 worth of Bitcoin.
The WannaCry attack affected more than 200,000 computers in 150 countries.
Total estimated damages could range from $4 billion to potentially hundreds of millions or even billions of dollars.
Cybersecurity firm Recorded Future reported that North Korean hackers, specifically the Lazarus Group, have exploited the cryptocurrency sector to steal approximately $3 billion in cryptocurrency assets over the past six years, with $1.7 billion acquired in 2022 alone.
What is the group’s motivation?
The Lazarus Group is known to operate with economic and political motivations and with funding from the North Korean government.
Economically, the group engages in financial cybercrime, including theft, ransomware attacks, and cryptocurrency heists, to bolster the regime’s financial resources.
These illicit profits fund various efforts of the North Korean government and directly finance North Korea’s weapons of mass destruction (WMD) and ballistic missile programs.
Politically, Lazarus aligns its cyber operations with the interests of the North Korean regime, targeting groups or countries perceived as enemies of North Korea.
The Lazarus Group combines economic and political motivations to serve as a tool to advance the goals of the North Korean government.
The continued threat of the Lazarus Group
The Lazarus Group is known for its skillful and bold activities and remains a persistent cybersecurity threat.
Recorded Future warns that unless regulations, cybersecurity measures, and investments in the cybersecurity of cryptocurrency companies are strengthened, the industry could face continued risks from North Korea.
Lazarus Group’s continued focus on financial institutions, cryptocurrency exchanges, and critical infrastructure highlights the ongoing challenges presented by state-sponsored cyber threat actors.