North Korea’s Crypto Extortion Efforts Have Expanded Considerably in 2020

Published at: July 28, 2020

A group of hackers associated with the North Korean regime has kept its crypto extortion efforts alive in 2020.

A group of North Korean hackers operating under the name “Lazarus” targeted several crypto exchanges last year, according to a report published by Chainalysis.

One of the attacks involved the creation of a fake trading bot which was offered to employees of the DragonEx exchange. Findings show that in March 2019, the hackers stole approximately $7 million in various cryptocurrencies from the Singapore-based exchange. 

Cybersecurity vendor Cyfirma warned in June about a massive crypto phishing campaign that could be launched by the North Korean hacker group.

The campaign will allegedly target six nations and over 5 million businesses and individuals. For now, there are no confirmed signs that the team plans to proceed with this massive attack.

Authorities sanction collaborators

The hacker group is also known to have stolen a staggering $571 million in cryptocurrencies since early 2017, according to a study conducted by cybersecurity company Group-IB.

In March, the U.S. Department of the Treasury’s Office of Foreign Assets Control, or OFAC, sanctioned two Chinese nationals accused of laundering cryptocurrency that was stolen in a 2018 crypto exchange hack.

New ransomware emerges

On July 28, antivirus maker and malware lab Kaspersky published a study announcing that Lazarus had created a new ransomware. This new threat, known as VHD, mostly targets the internal networks of companies in the economic sector.

James McQuiggan, security awareness advocate at KnowBe4, explained to Cointelegraph how the VHD ransomware operates: 

“A VHD, or Virtual Hard Disk, is a similar concept to that of a USB drive. Instead of physically inserting the USB drive into the port on a computer, the VHD file can be downloaded onto a system to launch the ransomware attack process. For cybercriminals, they don't need physical access, just electronic access to download the file. This type of attack requires access to the systems. By exploiting external and vulnerable infrastructure or systems, they gain the access needed.”

Group running solo ops

Kaspersky researchers speculated on the possible reasons why Lazarus is now running solo ops:

“We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”

Lazarus usually breaches a company’s network to encrypt its data. The group then asks victims for a crypto-based ransom, with a preference for Monero (XMR).
