A new US Department of Justice (DoJ) charge details collaboration with China to funnel $250m in stolen funds as part of state-sponsored attacks.
Illegal Cryptocurrency Accounts
The US Govt. aims to gain control of 280 illegal cryptocurrency accounts that it says were used by N. Korean state-sponsored attackers in their efforts to hack cryptocurrency exchanges & channel 100s of millions in stolen money through a Chinese money-laundering network.
The US Department of Justice (DoJ) filed a civil forfeiture complaint against N. Korea on Thurs. as part of a bigger effort to close down that it explained were state-sponsored cyber-attacks on currency exchanges by hackers.
Virtual Currency Exchanges
The charge details 2 specific attacks against virtual currency exchanges in 2019 allegedly carried out by N. Korean hackers. The US DoJ also claims threat players in China were involved & helped launder over $250m stolen from more than 12 exchanges.
“Today’s action publicly exposes the ongoing connections between N. Korea’s cyber-hacking program & a Chinese cryptocurrency money-laundering network,” Acting US Assistant Attorney General Brian Rabbitt of the DoJ’s Criminal Division commented in a press statement.
$272,000
According to the DoJ, the 2 hacks outlined occurred in July & Sept. 2019. In the first, a hacker allegedly stole over $272,000 worth of alternative cryptocurrencies & tokens, including Proton Tokens, PlayGame tokens, & IHT Real Estate Protocol tokens, which were then laundered through “several intermediary addresses & other virtual currency exchanges,” investigators commented.
Chain Hopping
“In many instances, the actor converted the cryptocurrency into BTC (bitcoin), Tether or other forms of cryptocurrency–a process known as ‘chain hopping’–in order to obfuscate the transaction path,” says the charge.
In a further attack, the DoJ revealed that a N. Korea-associated hacker gained access to an unnamed company’s virtual currency wallets, funds held by the company on other platforms, & funds held by the company’s partners. The hacker took almost $2.5 million & laundered it through over 100 accounts at another virtual currency exchange, said the Feds.
APT Groups
During Sept. 2019, the US Govt. sanctioned North Korean APT groups, which included the prolific Lazarus group, who were behind the high-profile WannaCry ransomware attack & cyber-attacks on Sony Pictures Entertainment.
These sanctions froze any US-related financials assets & barred any US dealings with Lazarus & 2 of its alleged sub-groups, Bluenoroff & Andariel. All are thought to be owned by the Reconnaissance General Bureau (RGB), N. Korea’s main intelligence agency.
Phishing
Lazarus was most recently linked to a phishing campaign, revealed in research this week, that targeted admins. at a cryptocurrency firm via LinkedIn messages. Researchers from F-Secure outlined the financially motivated campaign targets businesses globally via LinkedIn messages sent to victims’ personal LinkedIn accounts.
The DoJ charge is the newest action taken by the US Govt. to crack-down on what it says are cyber-criminal activity tied to N. Korea, despite its own admittance that it will be difficult to close down the nation’s widespread hacking efforts completely.
Powerful Message
“Although N. Korea is unlikely to stop trying to pillage the international financial sector to fund a failed economic & political regime, actions like those today send a powerful message to the private sector & foreign governments regarding the benefits of working with us to counter this threat,” US Assistant Attorney General John Demers of the DoJ’s National Security Division commented in a statement.
https://www.cybernewsgroup.co.uk/virtual-conference-september/
