North Korean Hackers Leverage Cloud Services for Crypto Mining: Report


Security firm Mandiant has reported on the activities of North Korean hacking group APT43, which is using cloud computing to mine cryptocurrency. According to Mandiant, the group has been using stolen crypto assets to obtain clean crypto, with the aim of self-financing its operations.

Mandiant has been monitoring the North Korean Advanced Persistent Threat (APT) group since 2018 and has identified it as an independent entity. According to the security firm, the group is a “major player” in cybercrime, with the primary purpose of acquiring funds for North Korea.

“APT43 steals and launders enough cryptocurrency to purchase operational infrastructure in a manner that reflects North Korea’s juche state ideology of self-reliance, thus reducing the fiscal burden on the central government.”

The group has been found to be using hash rental and cloud mining services to launder stolen crypto into clean crypto. These services let users rent crypto mining capacity and mine crypto to a wallet of their choosing, without any blockchain-based link to their original payments.

Mandiant has identified the payment methods, aliases, and addresses used to make purchases, including PayPal, American Express cards, and “Bitcoin likely derived from previous operations”. Additionally, APT43 has been using Android malware to steal credentials from people in China looking for crypto loans, as well as running spoofed websites for credential harvesting.

North Korea has been involved in numerous crypto thefts, including the recent Euler Chainalysis hack, which resulted in a potential profit of $195 million. The United Nations reported that North Korean hackers had a record haul of between $630 million and over $1 billion in 2021, amounting to a minimum of $1.7 trillion.
