North Korea-backed Lazarus Group behind $100M cryptocurrency heist last year
By Bob Garcia
The global cybercriminal gang continues to steal money for the North Korean regime
The US Federal Bureau of Investigation (FBI) confirmed earlier this week that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in the middle of last year, as reported on Americas Cardroom. According to the law enforcement agency, the hack was attributed to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.
The FBI further stated that the Harmony intrusion leveraged an attack campaign called TraderTraitor that was disclosed by the US Cybersecurity and Infrastructure Security Agency (CISA) just under a year ago. The modus operandi involved using social engineering to trick employees of cryptocurrency companies into downloading unauthorized applications as part of a seemingly benign recruitment effort.
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder more than $60 million in Ethereum stolen during the June 2022 heist,” the FBI reported. “A portion of this stolen Ethereum was subsequently sent to various virtual asset service providers and converted into Bitcoin.”
According to the announcement, the federal agency and other parties involved in the investigation will continue to identify and disrupt the theft and laundering of virtual currency by North Korea. These funds are generally used to support the country’s ballistic missile and weapons of mass destruction programs.
The cryptocurrency thefts are part of malicious cyber activity allegedly orchestrated by North Korea’s intelligence apparatus, the General Reconnaissance Office. The goal is to generate substantial revenue for the sanctions-stricken nation by stealing money from financial institutions.