Japan, South Korea and the United States accused North Korea on Tuesday of orchestrating several of the largest cryptocurrency thefts of 2024, warning the blockchain industry that the rogue state will continue to pose a major threat in the coming year.
“The DPRK's cyber program threatens our three countries and the broader international community and, in particular, is a significant threat to the integrity and stability of the international financial system,” the governments said, highlighting North Korea's role in the siphoning of $308 million from DMM Bitcoin and $235 million from WazirX.
“Our three governments are striving together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds, with the ultimate aim of denying the DPRK illicit revenue for its illegal weapons of mass destruction and ballistic missile programs.”
The statement says North Korea's Lazarus Group hackers “continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians and individual users.”
In addition to the more than $500 million taken from DMM Bitcoin and WazirX, $116 million was taken in North Korean attacks against cryptocurrency platforms, including Rain Management and Radiant Capital.
US officials noted that they recently saw North Korean hackers deploying malware such as TraderTraitor and AppleJeus in attacks that resulted in the theft of millions of dollars in cryptocurrency.
The blockchain security company Chainalysis published a report in recent weeks finding that hacking groups linked to the North Korean government stole $1.34 billion worth of cryptocurrency across 47 incidents in 2024.
United Nations experts are investigating 58 cyberattacks on cryptocurrency companies that were reportedly carried out by North Korean hackers and allowed the attackers to rake in around $3 billion over a six-year period.
IT worker concerns
Another tactic that has caused alarm among the three countries is the trend of North Korean hackers trying to get illegally hired as workers at American companies, both to steal sensitive information and to earn well-paid salaries.
Last month, the DOJ charged 14 North Koreans for their participation in the scheme, noting that they were able to collectively earn at least $88 million through employment as workers at American companies and by extorting organizations. Some worked several IT jobs and brought in more than $10,000 per month.
Tuesday’s statement notes the dozens of measures each country has taken since 2022 to stop the campaign, but the governments urged businesses in the blockchain sector to be particularly strict in their interview processes when hiring IT workers.
Chainalysis added that North Korean IT workers have increasingly infiltrated crypto and Web3 companies and “compromise their networks, operations and integrity.”
Although the focus has mainly been on the wages earned by the workers, experts have raised concerns in recent months about the potential for companies' confidential data to be stolen and sold.
Michael Barnhart, Mandiant principal analyst at Google Cloud, told Recorded Future News that they had seen an increase in extortion attempts linked to North Korean IT workers.
“For the first time, we note that IT workers are following through on publishing sensitive data from the organizations they have infiltrated to pressure the victims into paying exorbitant ransoms. They also demand more cryptocurrency than ever before,” he said by email.
“We assess that the increased media attention and the ongoing government disruptions targeting their cyber operations over the past year are requiring an escalation in their tactics.”
Barnhart said sales have increased in tempo following law enforcement operations by the US Department of Justice to charge Americans involved in running the US-based laptop farms needed to give the impression that the North Koreans are working within the United States.
The United States has also sanctioned many companies and groups that help North Koreans get hired.
Barnhart explained that extortion efforts by North Korean IT workers had historically been aimed at smaller organizations, but the authenticity of the information was generally undetermined.
“With the recent increase in these types of events, and working with our victim partners and organizations, we see them trying to extort major organizations and follow through on their threats for the first time,” he said.
“In addition, monetary demands are increasing to a level that we have not seen so far. The attempts can have many factors. Some rely on disgruntled IT workers demanding back pay for work they had or had not done. Some are threats to release intellectual property and data if a cryptocurrency ransom is not paid.”
Other extortion attempts imply that, once the data is disclosed, other more sophisticated actors could use it to attack different parts of the affected organization, Barnhart added.
Mandiant has also seen cases where all three tactics were used in a single extortion email. Several of the fake IT workers have threatened to give information to the company's competitors or to release it publicly.
Barnhart declined to say where the information is being sold “due to ongoing investigations” and did not know who is buying the offered data.
He noted that much of the data involves intellectual property such as source code and “could provide competitors with a major advantage and can also seriously damage the reputation of an organization that has been infiltrated.”
Scott Algeier, executive director of the nonprofit Information Technology Information Sharing and Analysis Center (IT-ISAC), said that his organization has been monitoring these threats and discussing them with members for about a year, warning them to have robust vetting processes and internal controls to identify suspicious behavior if a candidate is hired.