Threat actors linked to the Democratic People’s Republic of Korea (DPRK) have increasingly turned to the cryptocurrency sector for revenue generation, effectively evading sanctions since 2017.
Despite stringent controls on movement within the isolated nation, the DPRK’s ruling elite possess unique access to new technologies and information.
This access equips them, along with skilled computer science professionals, for cyber attacks within the cryptocurrency industry.
State-Sponsored Lazarus Crypto Heist
Lazarus carried out the 2014 attack on Sony Pictures and the 2016 cyber heist on the Central Bank of Bangladesh, which led to an $81 million theft.
In May 2017, Lazarus disseminated the WannaCry ransomware, encrypting files of victims and requiring a ransom in bitcoin, ranging from $300 to $600, for data decryption.
Several months after the attack, the attackers purportedly withdrew around $150,000 worth of bitcoin.
The attack affected over 200,000 computers across 150 countries.
Estimates of the total damages range from $4 billion to potentially hundreds of millions or even billions of dollars.
Cybersecurity firm Recorded Future reports that DPRK hackers, notably the Lazarus Group, have exploited the cryptocurrency sector, stealing an estimated $3 billion in crypto assets over the past six years, with $1.7 billion acquired in 2022 alone.
Motivation Behind the Group?
Lazarus Group is believed to operate with funding from the North Korean government, with both economic and political motivations.
Economically, the group engages in financial cybercrimes, including thefts, ransomware attacks, and cryptocurrency heists, aiming to bolster the regime’s financial resources.
These illicit gains fund various endeavors of the North Korean government, directly financing the country’s weapons of mass destruction (WMD) and ballistic missile programs.
Politically, Lazarus aligns its cyber operations with the regime’s interests, targeting entities or nations perceived as adversarial to North Korea.
By combining economic and political motives, the Lazarus Group serves as a tool for advancing the goals of the North Korean government.
Lazarus Group Continued Threats
The Lazarus Group remains a persistent cybersecurity threat, known for its skilled and audacious activities.
Recorded Future cautions that the industry faces a continued risk from North Korea if regulations, cybersecurity measures, and investments in cryptocurrency firms’ cybersecurity are not strengthened.
The Lazarus Group’s continuous focus on financial institutions, cryptocurrency exchanges, and critical infrastructure underscores the enduring challenges presented by state-sponsored cyber threat actors.