North Korean hackers steal $3B in crypto since 2017: report

Written on Oct 17, 2024
  • Moonstone Sleet, a new North Korean group, deployed FakePenny ransomware in defense and aerospace sectors.
  • Iranian cyber actors have shifted to financially motivated ransomware, targeting Israel and Gulf countries.
  • Russian cyber actors are outsourcing espionage to criminal groups, using commodity malware.

A recent report by Microsoft has revealed alarming details about North Korea’s cyberattacks, specifically targeting cryptocurrency organizations.

Since 2017, North Korean hackers have stolen more than $3 billion in crypto assets, with significant thefts recorded in 2023.

The report also uncovered the role of these funds in financing over half of North Korea’s nuclear and missile programs, illustrating the close link between cybercrime and the country’s geopolitical ambitions.

The growing sophistication of North Korean threat actors is one part of a wider global threat landscape, with other nations, including Iran and Russia, also engaging in high-profile cyberattacks.

North Korean crypto theft hits $1 billion in 2023 alone

According to Microsoft’s 2024 Digital Defense Report, North Korean hackers have become increasingly aggressive in their attacks on cryptocurrency platforms.

In 2023 alone, between $600 million and $1 billion worth of crypto assets were stolen, funding more than half of North Korea’s nuclear and ballistic missile programs.

This significant financial resource allows North Korea to evade international sanctions while advancing its global strategic objectives.

The funds generated through these attacks are a critical component of North Korea’s ambitions, directly supporting its nuclear weapons development.

Microsoft’s report highlights the activities of three major North Korean hacker groups—Jade Sleet, Sapphire Sleet, and Citrine Sleet.

These groups have been highly active in targeting cryptocurrency exchanges, blockchain companies, and digital wallets since 2023.

Moonstone Sleet, a newer North Korean threat group, has developed a unique ransomware variant called FakePenny, which has been deployed against defense and aerospace firms.

The attacks have not only disrupted critical industries but have also allowed North Korea to siphon financial resources, reinforcing its regime’s stability.

The rise of Moonstone Sleet and its custom ransomware

Moonstone Sleet has emerged as a new player in the North Korean cyber landscape, with its custom ransomware variant, FakePenny, specifically designed for highly targeted attacks.

This group has primarily focused on defense and aerospace industries, exfiltrating sensitive data from compromised systems before deploying the ransomware.

FakePenny is notable for its ability to evade traditional detection methods, making it a potent tool in North Korea’s cyber arsenal.

The continued evolution of ransomware and other cyber tools suggests North Korea’s commitment to leveraging these tactics to further its geopolitical goals.

Iranian and Russian cyber actors add to the growing global threat

While North Korean hackers have gained much attention, Microsoft’s report also identifies Iranian and Russian cyber threat actors as key players in the global cyber threat landscape.

Iranian hackers, particularly motivated by geopolitical tensions, have increasingly focused their efforts on Israel, the US, and Gulf nations like the UAE and Bahrain.

These actors have shifted from destructive ransomware operations to financially motivated attacks, reflecting their growing interest in funding cyber operations.

Russian threat actors have adopted commodity malware and outsourced their cyber espionage operations to criminal groups, further complicating the global cybersecurity picture.

The activities of North Korean, Iranian, and Russian cybercriminals underscore the growing intersection between cybercrime and geopolitical power plays.

For North Korea, the ability to finance its nuclear weapons program through crypto theft highlights the country’s dependence on cyberattacks to evade economic sanctions.

Meanwhile, Iran’s focus on cyber operations against geopolitical adversaries and Russia’s outsourcing of espionage demonstrate how cybercriminal activity has become an extension of traditional statecraft.

As nation-states increasingly rely on cyberattacks to pursue their strategic goals, the global cybersecurity landscape is set to become more complex and volatile.

The scale and sophistication of these nation-state cyberattacks have prompted governments and organizations worldwide to bolster their cybersecurity defenses. However, the report highlights the challenges of addressing such a dynamic and evolving threat.
