{"id":2882,"date":"2022-03-26T04:58:44","date_gmt":"2022-03-26T04:58:44","guid":{"rendered":"http:\/\/www.cryptoheretostay.com\/?p=2882"},"modified":"2022-03-26T04:58:44","modified_gmt":"2022-03-26T04:58:44","slug":"north-korea-using-hackers-to-raise-revenue-via-crypto-heists","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=2882","title":{"rendered":"North Korea using hackers to raise revenue via crypto heists"},"content":{"rendered":"<p>North Korea has been employing hackers to finance some state operations via \u201ccrypto heists\u201d, according to a report by cybersecurity firm Mandiant.<\/p>\n<p>\u201cThe country\u2019s espionage operations are believed to be reflective of the regime\u2019s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and political entities, information on foreign relations and nuclear information, and a slight decline in the once spiked stealing of COVID-19 vaccine research.\u201d<\/p>\n<p>The report details the country\u2019s cyber operations and how they are structured within the Reconnaissance General Bureau, or RGB \u2014 North Korea\u2019s intelligence agency akin to the CIA or MI-6. 
It also sheds light on the infamous hacker group \u201cLazarus\u201d which has been operating out of North Korea since 2009.<\/p>\n<p>According to the report, Lazarus is not a single group of hackers but rather an umbrella term reporters use to refer to numerous different state-backed hacker groups operating out of The Democratic Republic of North Korea. However, these different groups operate in different \u201csectors\u201d and have unique responsibilities. One of the responsibilities is raising funds through the theft of cryptocurrencies.<\/p>\n<p>Assessed cyber structure of DPRK cyber programs<\/p>\n<h2>Latest cyber espionage activity<\/h2>\n<p>Hacker groups linked to Lazarus have recently been active and were exploiting a Google Chrome vulnerability from early January 2022 until mid-February, when the vulnerability was patched.<\/p>\n<p>Google\u2019s Threat Analysis Group, or TAG, said in a blog post on March 24th that North Korean state-backed attacker groups \u2014 tracked publicly as \u201cOperation Dream Job\u201d and \u201cOperation AppleJeus\u201d \u2014 had been exploiting a \u201cremote code execution vulnerability in Chrome\u201d since early January 2022 to conduct various hacks and phishing attacks. TAG\u2019s Adam Weidemann said in the blog post:<\/p>\n<p>\u201cWe observed the campaigns targeting U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries. However, other organizations and countries may have been targeted.\u201d<\/p>\n<p>The exploit allowed the hackers to send bogus job offers to people working in the aforementioned industries, which would then lead to spoofed versions of popular job-hunting websites like Indeed.com. The exploit kit and phishing are similar to those tracked in Operation Dream Job. Meanwhile, another hacker group has been targeting crypto firms and exchanges using the same exploit kit.<\/p>\n<p>Google said that roughly 340 people had been targeted by hacker groups. 
It added that all identified websites and domains were added to its Safe Browsing service to protect users and it is continuing to monitor the situation.<\/p>\n<h2>Lazarus targeting financial services, crypto<\/h2>\n<p>Lazarus-linked hacker groups have been involved in various hacks on crypto firms and traditional banks for several years now. Some notable hacks include the 2016 Bangladesh Bank cyber heist and various crypto-related attacks in 2017.<\/p>\n<p>The main hacker group focused on financial services attacks is APT38, which was behind the notorious SWIFT hack. It includes a subgroup called CryptoCore or \u201cOpen Password.\u201d<\/p>\n<p>Most of these hacks have been successful and it is estimated that hackers have raised over $400 million for North Korea. An investigation\u00a0by the UN concluded that proceeds from these cyber heists have been used to fund the hermit country\u2019s ballistic missile program.<\/p>\n<p><a 
href=\"https:\/\/cryptoslate.com\/north-korea-using-hackers-to-raise-revenue-via-crypto-heists\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korea has been employing hackers to finance some state operations via \u201ccrypto heists\u201d, according to a report by cybersecurity firm Mandiant. \u201cThe country\u2019s espionage operations are believed to be reflective of the regime\u2019s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2883,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[3],"tags":[],"class_list":["post-2882","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/2882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2882"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/2882\/revisions"}],"predecessor-version":[{"id":2884,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/2882\/revisions\/2884"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/2883"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/inde
x.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}