North Korean cybercrime operator APT43 is using cloud computing to launder cryptocurrency, a report by cybersecurity service Mandiant has discovered. According to the researchers, the North Korean group uses “stolen cryptocurrencies to mine clean cryptocurrencies.”
Mandiant, a subsidiary of Google, has been tracking the North Korean Advanced Persistent Threat (APT) group since 2018, but has recently “graduated” the group into a separate identity. Mandiant characterized the group as a “major player” that often cooperated with other groups.
Although its main activity was spying on South Korea, Mandiant discovered that APT43 was likely engaged in raising funds for the North Korean regime and financing itself through its illicit operations. It appears the group has been successful in those goals:
“APT43 steals and launders enough cryptocurrency to purchase operational infrastructure in a manner aligned with North Korea’s Juche state ideology of self-sufficiency, thereby reducing the tax burden on the central government.”
The investigators detected the “probable use by the North Korean group of cloud mining and hash rental services to launder stolen cryptocurrency into clean cryptocurrency.”
@Mandiant has graduated a new prolific group #APT43 which generally aligns to #kimsuky. Read more in the blog/report/webinar: https://t.co/GY2sx2wlSe https://t.co/VZbvGUYqKH https://t.co/5Mvk740woW
—Dan Perez (@MrDanPerez) March 28, 2023
Hash rental and cloud mining are similar practices that involve the rental of cryptocurrency mining capacity. According to Mandiant, they allow cryptocurrency to be “mined to a wallet selected by the buyer without any blockchain-based association with the buyer’s original payments.”
Mandiant identified payment methods, aliases, and addresses used for the group’s purchases. PayPal, American Express cards and “Bitcoin probably derived from previous operations” were the payment methods used by the group.
APT43 was also implicated in using Android malware to harvest credentials from people in China seeking cryptocurrency loans. The group also operates various fake websites to selectively collect credentials.
North Korea has been implicated in numerous cryptocurrency heists, including the recent Euler Finance heist of more than $195 million. According to the United Nations, North Korean hackers made off with a record haul of between $630 million and more than $1 billion by 2022. Chainalysis puts that number at no less than $1.7 billion.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.