Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Nuclear Programme. Show all posts

North Korean Hackers Steal Crypto to Fund ‘Nuclear Weapon Program’


North Korea based hackers have reportedly carried out another attack, stealing hundreds of millions in crypto in order to fund their regime’s ‘nuclear weapon program.’

According to blockchain intelligence company TRM Labs, almost 20% of all cryptocurrency stolen this year, equivalent to $200 millions in US Dollars, has been taken by hackers connected to North Korea between January and August 18.

The TRM Labs, in a discussion with North Korea experts, in June, stated, “In recent years, there has been a marked rise in the size and scale of cyberattacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country’s nuclear and ballistic missile programs,”

In the aforementioned discussion, TRM Labs also emphasized the way there has been a shift away from North Korea's "traditional revenue-generating activities" — a sign that the government may be "increasingly turning to cyber attacks to fund its weapons proliferation activity."

In another comment on the issue, blockchain analytics firm Chainalysis noted in their February issue that “most experts agree the North Korean government is using these stolen assets to fund its nuclear weapons programs.”

On the other hand, CNBC's request for a comment on the matter from the North Korean regime's diplomatic mission to the UN – the Permanent Mission of North Korea in New York – was denied.

The Democratic People's Republic of Korea, or North Korea officially known as the DPRK, has been subject to numerous sanctions by the UN since its first nuclear test in 2006, owing to its development of nuclear and ballistic missile technology.

The goal of these sanctions behind bans on North Korea’s financial services, minerals, metals and artillery is to limit Korea’s access to these sources and funds it will need to execute their nuclear activities. 

The FBI only recently alerted cryptocurrency firms that hackers with ties to North Korea intend to "cash out" $40 million in cryptocurrency.

In January, the federal agency also noted that it continues to “identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

In regards to the issue, intelligence analyst at blockchain analytics firm TRM Labs Nick Carlsen said, “They are under pretty serious economic stress with international sanctions. They need every dollar they can. And this is just obviously a much more efficient way for North Korea to make money.”

“Even if that dollar stolen in crypto doesn’t directly go towards the purchase of some component for the nuclear program, it frees up another dollar to support the regime and its programs,” he added.  

Lazarus Moves More than $60 Million from Harmony Bridge Hack


North Korean state-owned threat actors Lazarus Group has stolen around 41,000 ETH or more than $60 million of Ethereum to the crypto exchanges Binance, Huobi and OKX. While Binance and Huobi both froze the funds, Binance declared that an asset of 124 BTC was also recovered in the process. 

According to internet sleuth ZachXBT, the funds were stolen from the Harmony blockchain bridge hack from last year, which led to a whopping $100 million crypto compromise. Apparently, the same hacker group utilized Tornado Cash, a now banned crypto mixer that conceals names of people involved in the transaction, in order to carry out the attack. 

As per the analysis, conducted by token movements, the ETH was routed through the anonymity system Railgun before being collected in wallets and sent to three significant crypto exchanges, possibly to be exchanged for fiat currency. 

“A very busy weekend” for Lazarus Group 

ZachXBT shared details of this week’s token movements on Twitter, claiming Lazarus Group has had “a very busy weekend” moving funds. 

In the follow-tweets, ZachXBT also linked to the website Chainabuse.com where he shared a list of approximately 350,000 unique wallet addresses that were involved in the Friday’s operation. 

Binance’s Say on the Issue 

On Monday, Binanace CEO Changpeng Zhao, better known as CZ too, commented on the situation. CZ claims that the hackers used Huobi, a competing exchange, rather than Binance this time as one of their exchanges. The hacker's accounts were subsequently frozen with Binance's assistance, he says. 

CZ also disclosed that 124 BTC ($2.6m) had been seized from the hackers, indicating at least some of their ETH has been converted to BTC. 

“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered,” he wrote. 

Although, Huobi did not comment on the matter other than retweeting an article claiming that the exchange had frozen accounts containing money connected to the hack. 

According to a report from South Korea's National Intelligence Service from December of last year, North Korean hackers have stolen more than $1 billion in digital assets since 2017. 

Moreover, the report claims that around $626 million, or more than half of that estimated tally, was taken in 2022. It also stated that it is suspected that the North Korean government uses the money obtained from the theft to advance Pyongyang’s nuclear weapons program.  

North Korea Uses Stolen Cryptoassets to fund its Nuclear Weapons Programs

International investigators and researchers have claimed that North Korea, in recent months is responsible for stealing $300 million worth of Bitcoin and other cryptocurrencies, which was done through hacking and other mass cyberattacks. 
 
The crypto assets are allegedly stolen in order to pay for North Korea's nuclear weapons program. In regards to this, a row has broken out in South Korean political circles over Korea's politicians’ and other leaders' ties to crypto developer Virgil Griffith. 
 
This development comes after North Korea’s missile launches have intensified in the past 10 days. In the wake of the recent nuclear attacks on the island of Hokkaido, more than 5 million Japanese citizens were urgently ordered to take cover as a protective measure. Pyongyang claims that these missile launches were “simulations” for nuclear attacks on South Korea. 
 
As per Military analysts, a large part of this missile launch is being funded, using the stolen cryptocurrency. North Korea is believed to have employed thousands of well-trained hackers, who have affected South Korean businesses and organizations. It has also been accused of exploiting its cyber skills for financial gains. 
 
According to Yonhap, one of South Korea's major news sources, the UN Security Council’s North Korea Sanctions Panel has blamed the North Korean cyber organization such as ‘Lazarus Group’ for Ronin Bridge and the Harmony bridge hack. 
 
As per the experts, the hermit state is utilizing the absence of worldwide regulatory constraints on cryptocurrencies, in order to steal cryptocurrencies to fund nuclear weapons and missile projects. 
 
In an interview with the VOA Korean Service, Jason Barlett, a researcher at the Center for a New American Security (CNAS) stated, “Cryptocurrency offers Pyongyang a new kind of currency that is substantially less regulated and understood by national governments, financial institutions, and institutions, and international organizations.”  
 
In accordance with a report by Nikkei Asia, North Korea is in the penultimate phase, to prepare for a nuclear weapon test, with such incidents pointing to the excavation of an underground tunnel and testing of triggering mechanisms.

Is North Korea Planning Something Bigger in the Field of Cyber Crime ?

 

North Korea is excelling in a field of cybercrime with each passing day despite the tight economic sanctions levied by the United Nations and the United States of America in 2006 to prevent North Korea of the necessary funds for its nuclear program. North Korea has boosted its cyber capabilities by exploiting digital susceptibilities across the globe.

North Korea’s hacking groups code-named Lazarus Group or Hidden Cobra have launched several cyber-attacks across the globe to extort money for its banned nuclear weapons development program. Lazarus was suspected of being the driving force behind the famous robbery of nearly $80 million from the Bangladeshi Central Bank.

US Department of Homeland and the FBI in 2017 released a cybersecurity bulletin explaining the connection of North Korea to several cyber-attacks on US businesses and critical infrastructure. In May 2020 North Korea recruited nearly 100 science and technology university graduates into its military forces to oversee its tactical planning systems. Approximately 100 hackers graduate from Mirim College, also known as the University of Automation.

As per the reports of defector testimony, North Korea is training graduates from Mirim College to dismantle Microsoft Windows Operating Systems, build destructive computer viruses and write code in various computer programming languages. WannaCry ransomware a North Korean-led cyberattack in 2017, which wrought havoc in more than 300,000 computers in 150 countries by exploiting vulnerabilities in the Microsoft Windows operating system.

According to US Army reports, the alarming thing is that North Korea is not acting alone, North Korea has recruited nearly 6,000 cyber agents across the globe in four intelligence organizations. China is one of the North Korea supporters, it helps North Koreans illicit cyber activities via training and academic intrusion. North Korean students often study at topmost Chinese science and technology universities such as the Harbin Institute of Technology (HIT) where they have access to advanced technology and equipment which are unavailable in their home country due to U.S. and U.N. sanctions.

In November 2019, the North Korean Chairman of the Education and the Chinese Ministry of Education jointly signed the China-North Korea Education and Cooperation Agreement (2020-2030) to reinforce academic partnerships and postgraduate student exchanges. This tie-up was done to increase foreign exchange and higher education training programs which may lead to increased cybercrime, given the nature of these science and technology universities.

The U.S. government continues to expose new and dangerous cyber groups that pose a serious threat to international security and U.S. national interests. However, all is not lost for the United States and its global allies, the U.S. Department of Justice can mandate cybersecurity audits for U.S. banks and financial institutions as part of deferred prosecution agreements to boost compliance with the basic cybersecurity structure described by the Cybersecurity and Infrastructure Security Agency (CISA) and Financial Action Task Force (FATF).