It was a golden year for hackers thanks to crypto. For the North Koreans in particular, 2022 was a record year in which they made the highest amount of money. The alarm comes from a confidential UN report, which Reuters was able to preview and which will be made public between late February and early March. According to researchers and analysts in South Korea, the virtual loot earned by criminals linked to dictator Kim Jong-un is in the range of $630 million to $1 billion. The figure is higher, however, in the region of $1.7 billion, according to Chainalysis, a US blockchain platform dedicated to monitoring the crypto world. Globally, according to Chainalysis, the digital money obtained by hackers in 2022 is $3.8 billion, also a record and $500 million more than in 2021.
Although the headline figure should be revised downwards because of the recent downturn in cryptocurrencies, the surge is due to the use of multiple techniques that have become increasingly sophisticated over time and are therefore difficult to detect before the theft. The authors of the UN report themselves state that “the refinement of techniques by malware actors makes the tracing of stolen funds complex”.
As mentioned, leading the criminal wave are groups linked to the Reconnaissance General Bureau, North Korea’s intelligence bureau. This is where cybercriminal teams like Andariel, Kimsuky, APT38 and, above all, Lazarus Group were born. According to independent observers working with the United Nations and the FBI, it is the Pyongyang dictator himself who would derive from cryptocurrency a large part of the resources needed to continue the development of nuclear weapons.
Why is crypto so important to the Korean dictator?
In addition to phishing, according to the UN report, North Korean hackers also used LinkedIn to get in touch with employees of targeted companies and organisations, and then WhatsApp to intensify communications before releasing malicious payloads. Those caught in the cybercriminals’ nets were mainly aerospace companies and defence agencies of various foreign countries. Companies in the crypto world are also in the hackers’ crosshairs, with Chainalysis pointing out how hackers carefully curate fake resumes in order to be hired by, or to collaborate with, crypto companies and so gain advantages and knowledge that facilitate attacks.
Considering the figures earned by North Korean criminals and the country’s $142 million in exports in 2020, one can guess how the business around crypto represents a significant slice of the national economy and a saving grace for Kim Jong-un. So much so that the dictator is said to have hired some 6,000 hackers to secure funds through theft.
Among the many attacks this year, one of the most notorious brought in $100 million in cryptocurrency stolen from Harmony, a Californian company. The FBI recently stated that Lazarus Group and APT38 were responsible for the theft last June and the subsequent laundering of $60 million worth of Ethereum. Despite the many difficulties and the number of criminals to track, and thanks also to the support of industry organisations, the ability of police and national security agencies to discover and arrest hackers and to recover money is growing. Last September’s seizure and recovery of over $30 million in cryptocurrency stolen earlier by Lazarus Group from Axie Infinity’s Ronin Network was significant in this regard. It was the first seizure from North Korean hackers and, according to insiders, many more are soon to come.