North Korean hackers stealing millions of dollars, laundering funds with Russians, analysts say
North Korean hackers are ramping up cyberattacks to steal many millions of dollars and are leaning on Russian partners to launder the funds, according to cryptocurrency analysts.
The observations of the escalating hacks and North Korea’s use of Russian infrastructure to move the stolen funds come amid growing cooperation between the two countries. North Korean leader Kim Jong Un visited Russian President Vladimir Putin last week and was expected to return to Pyongyang on Monday.
Cryptocurrency analysts have detected North Korean hackers’ escalating operations in recent months. Elliptic’s blockchain analysts said they identified North Korea-sponsored hackers stealing nearly $240 million worth of cryptocurrency during a 104-day period that ended Friday.
Elliptic’s analysts studying digital currency ledgers said on their blog that they tracked the stolen funds moving through addresses used by the Lazarus Group, which is a North Korean-sponsored hacking group sanctioned by the U.S. government in 2019.
The FBI warned cryptocurrency companies in August that it tracked “hundreds of millions of dollars in cryptocurrency” stolen by the Lazarus Group and believed the hackers may soon attempt to cash out bitcoin worth more than $40 million.
Private-sector analysts likewise tracking stolen cryptocurrency say the North Korean hackers are increasingly turning to Russia for assistance.
Cyber firm Chainalysis said Thursday it discovered $21.9 million of stolen funds was recently transferred to a Russia-based exchange known for facilitating illicit transactions.
“This latest action marks a significant escalation in the partnership between the cyber underworlds of these two nations,” Chainalysis said on its blog. “Not only does this revelation signify a potent alliance between North Korean and Russian cybercriminal actors, but it also presents challenges for global authorities.”
While the $21.9 million transfer does not represent chump change, Chainalysis estimates North Korean hacking groups have stolen more than $340 million worth of cryptocurrency thus far this year and more than $1.65 billion last year.
Discovering the digital fingerprints of the cyber thieves’ past actions has proven easier than catching the crooks red-handed.
The Biden administration is well aware of the North Korean hacking operations and is working to combat the state-sponsored hackers. Top White House cyber official Anne Neuberger said in May that her team estimated half of North Korea’s missile program is funded via cryptocurrency heists and cyberattacks.
She said at a Center for Strategic and International Studies event that the Treasury Department was at work tracking the funding, while the Departments of Defense and State were working on identifying North Korean hackers.
North Korea’s increasingly sophisticated cyber operations are not limited to theft of money but are also designed to penetrate sensitive networks and steal sensitive information.
High-level current and former U.S. intelligence officials, media executives and national security scholars were targets of a North Korean hacking campaign reported by The Washington Times in June.
Rather than destroy the computer networks they breach, the North Korean hackers prioritize cyber espionage, according to cyber intelligence firm Recorded Future.
More than 70% of cyberattacks attributed to North Korea since 2009 were conducted to collect information, including to develop nuclear and ballistic missile technology and to better fund the regime, Recorded Future said in a June report.
• This article is based in part on wire service reports.