Posted by admin on 2023-12-01 20:53:00


Threat actors from the Democratic People's Republic of Korea (DPRK) have been increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country.


"Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime's ruling elite and its highly trained cadre of computer science professionals have privileged access to new technologies and information," cybersecurity firm Recorded Future said in a report shared with The Hacker News.


"The privileged access to resources, technologies, information, and sometimes international travel for a small set of selected individuals with promise in mathematics and computer science equips them with the necessary skills for conducting cyber attacks against the cryptocurrency industry."


The disclosure comes as the U.S. Treasury Department imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds.


The threat actors from the country are estimated to have stolen $3 billion worth of crypto assets over the past six years, with about $1.7 billion plundered in 2022 alone. A majority of these stolen assets are used to directly fund the hermit kingdom's weapons of mass destruction (WMD) and ballistic missile programs.


"$1.1 billion of that total was stolen in hacks of DeFi protocols, making North Korea one of the driving forces behind the DeFi hacking trend that intensified in 2022," Chainalysis noted in its 2023 Crypto Crime Report.


A report published by the U.S. Department of Homeland Security (DHS) as part of its Analytic Exchange Program (AEP) earlier this September also highlighted the Lazarus Group's exploitation of DeFi protocols.



"DeFi exchange platforms allow users to transition between cryptocurrencies without the platform ever taking custody of the customer's funds in order to facilitate the transition," the report said. "This allows DPRK cyber actors to determine exactly when to transition stolen cryptocurrency from one type of cryptocurrency to another, enabling attribution to be more difficult to determine or even trace."


The cryptocurrency sector is among the top targets for state-sponsored North Korean cyber threat actors, as repeatedly evidenced by the myriad campaigns carried out in recent months.


DPRK hackers are known for adeptly using social engineering to target employees of online cryptocurrency exchanges, luring their victims with the promise of lucrative jobs in order to distribute malware that grants remote access to the company's network, ultimately allowing them to drain all available assets and move them to various DPRK-controlled wallets.


Other campaigns have employed similar phishing tactics to entice users into downloading trojanized cryptocurrency apps to steal their assets as well as watering hole attacks (aka strategic web compromises) as an initial access vector, alongside engaging in airdrop scams and rug pulls.


Another notable tactic adopted by the group is the use of mixing services to conceal the financial trail and cloud attribution efforts. Such services are typically offered on cryptocurrency exchange platforms that do not employ know-your-customer (KYC) policies or anti-money laundering (AML) regulations.


"Absent stronger regulations, cybersecurity requirements, and investments in cybersecurity for cryptocurrency firms, we assess that in the near term, North Korea will almost certainly continue to target the cryptocurrency industry due to its past success in mining it as a source of additional revenue to support the regime," Recorded Future concluded.


