North Korean Cyber Group Uses Crypto Mining for Espionage Funding: Report


A recent report from Mandiant, a cybersecurity firm, revealed that the North Korean cyber group APT43 has been utilizing cryptocurrency mining services to launder stolen currency and finance its espionage operations.

The primary targets of this group are government organizations, academics, and think tanks in South Korea and the United States. APT43 has been involved in financially motivated cybercrime as well as strategic intelligence collection.

To sustain its operations, APT43 has resorted to using cryptocurrency services, specifically hash rental and cloud mining services, to convert stolen cryptocurrency into clean currency. By paying for these services with stolen funds, the group can mine new cryptocurrency that has no blockchain-based association with the original payments.

Infrastructure and hardware purchases are made using payment methods such as PayPal, American Express cards, and Bitcoin, which are believed to be derived from previous operations.

Moreover, APT43 has targeted Chinese users seeking cryptocurrency loans through a malicious Android app and an associated domain that harvests credentials. Financially motivated activities among North Korean groups indicate a widespread mandate to self-fund and sustain themselves without additional resourcing.

Mandiant assesses APT43 as a moderately sophisticated cyber operator supporting the North Korean regime, and the group’s collection priorities align with the mission of North Korea’s Reconnaissance General Bureau (RGB). APT43 has been under observation since 2018.
