North Korean Hackers: $400 Million in Stolen Cryptocurrencies in 2021

North Korean hackers stole almost $400 million in cryptocurrencies in 2021 through at least seven attacks. The analysis, carried out by Chainalysis, found that most of the stolen value was in Ether and Bitcoin, with the former becoming the cryptocurrency of choice for the attackers.

North Korea: in 2021 the value of thefts reached record levels

Hacker groups attributable to North Korea had also carried out similar attacks in recent years, but in 2021 the value of the thefts reached record levels. The best known of these groups is Lazarus, responsible for the attack on Sony Pictures Entertainment in 2014 and for the WannaCry ransomware in 2017. More recent is the AppleJeus malware, which targets Windows and Mac systems worldwide by posing as a legitimate cryptocurrency trading platform.

Also known as APT38, the group focuses on cryptocurrency theft to evade US and UN economic sanctions. A UN panel of experts concluded in 2018 that its cryptocurrency hacks help finance the North Korean government’s missile programs.

The attacks rely on the typical tools of this kind of operation: social engineering, phishing and exploits. “From 2020 to 2021, the number of hacks linked to North Korea increased from four to seven, and the value derived from these attacks increased by 40%,” states Chainalysis in its report. According to Chainalysis, North Korean hacker attacks in 2021 primarily targeted investment firms and cryptocurrency exchanges.

Last year, North Korean hackers focused primarily on Ethereum, as 68% of the stolen value was in this cryptocurrency, which replaced Bitcoin as the attackers’ primary target. Bitcoin, however, still plays a key role in laundering Ether before it is finally cashed out. Cryptocurrency mixing software, or “tumblers”, breaks the funds down into small amounts and mixes them with other transactions before sending the equivalent value to a new address. “North Korea systematically launders money through mixers to hide the origins of its illicit cryptocurrencies before turning them into traditional currency,” notes the report.

The attacks were reported by the Cybersecurity and Infrastructure Security Agency (CISA) of the United States and also by the cybersecurity company Kaspersky, which has been monitoring the intrusions since 2017 and tracks them under the name “SnatchCrypto”.

These attacks follow a model of closely studying start-ups in the FinTech sector and concocting elaborate social engineering schemes to build trust with targets by posing as legitimate venture capital firms. The aim is to persuade victims to open documents containing malware, which activates a payload designed to run further malware retrieved as an encrypted string from a remote server.

An alternative method used to trigger the infection chain is a Windows shortcut file (“.LNK”) that retrieves the malware. This is a Visual Basic script, which then serves as the starting point for running a series of intermediate payloads before installing a full-featured backdoor able to take screenshots, log keystrokes, steal data from Chromium-based browsers and execute malicious commands.

