According to blockchain analysis firm Chainalysis, cybercriminals linked to North Korea carried out at least seven attacks against virtual currency networks last year, collecting around $400 million in digital assets.
The Jan. 13 Chainalysis report called 2021 a "banner year" for North Korean hackers, claiming that many of the hacking attacks were likely carried out by a group known as APT 38, or the "Lazarus Team," which is thought to be guided by the reclusive regime's main intelligence unit, the Reconnaissance General Bureau.
“These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected ‘hot’ wallets” into addresses controlled by the North Korean regime, Chainalysis said.
The hackers initiated a "careful laundering procedure to cover up and payout" after obtaining the crypto assets, according to the study, which noted a dramatic increase in the rogue actors' usage of software applications called mixers to mask their operations.
North Korea's use of several mixers—software tools that pool and jumble cryptocurrency from thousands of addresses—is a planned attempt to disguise the origins of its ill-gotten digital currencies while off-ramping into cash, according to Chainalysis.
14 Jan 2022