Introduction
As the crypto industry has grown, so have cyber-attacks targeting it. This expanding field has become a prime target for hackers, including the infamous North Korea’s hacker army. Over the years, this group has made several global headlines with some huge cyber-attacks. For a second, look back at some of the significant cryptocurrency thefts by North Korean hackers.
A Look Back Into the History
Take an example of the 2017 WannaCry Ransomware Attack, which caused chaos worldwide and was linked to North Korean hackers. Or, recall how they also pulled off a major heist in 2016, stealing $81 million from the Bangladesh Central Bank through a global banking system called SWIFT. Put all these aside, you will surely remember their 2018 cryptocurrency scam, in which the North Korean hacker army took over $500 million from the Coincheck cryptocurrency exchange.
Honestly, North Korea’s hacker army is much like the shadowy hacker group in the movie Sneakers. Just as the tech experts in the film outwit their enemies to steal valuable secrets, North Korea’s cyber operatives use their skills to steal digital money from different nations and cryptocurrency exchanges.
Now, you may wonder, why do they do this? What is their mission? Well, it’s obvious that they do all this for monetary gains. Moreover, you’ll be shocked to know that North Korea is probably the only nation in the world known for conducting open criminal hacking for personal gain. This is a reason Kim Jong Un (North Korea’s Chief or dictator, in easy words) appreciates the individuals who facilitate hacking as his ‘warriors’.
‘Brave R.G.B ……… for the construction of a strong nation.’– Kim Jong Un in 2023 |
Brave R.G.B. refers to members of the military intelligence division who are part of the R.G.B. (Reconnaissance General Bureau). The primary function of R.G.B. members is to execute nakedly criminal hacking.
As a curious crypto enthusiast, you would definitely be excited to know more about the rise of North Korea’s Hacker Army. Since fulfilling your excitement and wishes is our ultimate duty, ‘The Blockchainist’ is back with a detailed blog post that aims to address the severity of North Korea’s hacker army.
A Background & History of North Korea’s Hackers Army
North Korea’s hacker army, often referred to as the Lazarus Group or the Kimsuky Group, has become one of the most notorious cyber threats in the world. According to Kim Kuk-song (the North Korean defector), the 414 Liaison Office is the internal name of North Korea’s hacker army. Their activities have not only targeted financial institutions and governments but also disrupted global systems with far-reaching consequences.
Many publications refer to Lazarus Group as a hacker group, ALLEGEDLY to be run by the North Korean government. However, The United States Department of Justice strongly claims the Lazarus Group is North Korea’s infamous Hacker Army.
Origins and Formation
North Korea’s cyber capabilities began to develop in the late 2000s as part of a broader effort to modernize and expand the country’s military and technological sectors. The regime recognized the potential of cyber warfare and established specialized units to conduct covert operations. Moreover, these efforts were driven by a combination of political motivations, the need to circumvent international sanctions, and the desire to access foreign funds. The earliest attack made by North Korea’s Hacker group (allegedly known as Lazarus Group) was ‘Operation Red’ from 2009 to 2012. Also, they executed a cyber-espionage campaign that aimed to use unsophisticated DDoS techniques (Distributed Denial-of-Service Attack) to target the South Korean government. These attacks between 2011 and 2013 came to the limelight in the mainstream media.
Early Activities and Rise to Notoriety
Initially, North Korea’s hacker groups focused on cyber espionage and political attacks, targeting South Korean institutions and international organizations critical of the regime. However, their activities began to gain global attention in the early 2010s with high-profile attacks.
One of the earliest notable incidents was the 2014 cyber-attack on Sony Pictures. North Korean hackers targeted the studio in retaliation for the release of The Interview, a film that satirized the North Korean leadership. Eventually, the attack resulted in the release of confidential information and significant damage to Sony’s IT infrastructure.
The Rise of North Korea’s Hacking Army in Cryptocurrency Heists and Financial Targeting
North Korea’s hacking group, often referred to as the Lazarus Group has been involved in several high-profile cryptocurrency thefts, showcasing their skill and ambition in the realm of cybercrime. So, here’s a look at some of their most notable heists:
1. The 2018 Coincheck Hack
In January 2018, North Korean hackers executed one of their most audacious cryptocurrency thefts by targeting Coincheck, a Japanese cryptocurrency exchange. Eventually, the attack resulted in the theft of over $500 million worth of NEM tokens, one of the largest cryptocurrency heists in history. Hackers exploited vulnerabilities in Coincheck’s security systems to gain access to its digital wallets. Furthermore, the stolen funds were quickly laundered through various channels, making recovery nearly impossible. This incident underscored the Lazarus Group’s capability to infiltrate and compromise major financial systems.
2. The 2016 Bangladesh Central Bank Heist
Though not exclusively a cryptocurrency theft, the 2016 heist of $81 million from the Bangladesh Central Bank is notable for its sophistication and scale. Hackers used the SWIFT financial messaging system to transfer funds to accounts in the Philippines and Sri Lanka. They made a conversion of stolen money into various currencies, including cryptocurrencies, making it difficult to trace. This operation highlighted the Lazarus Group’s ability to exploit financial systems and their knowledge of how to handle and launder digital assets.
3. The 2017 WannaCry Ransomware Attack
In May 2017, the WannaCry ransomware attack affected hundreds of thousands of computers worldwide. According to Europol, this attack lasted for 7 hours and 19 minutes, affecting nearly 200,000 computers in over 150 countries. While this attack did not directly target cryptocurrencies, it used ransomware that demanded payments in Bitcoin, a tactic that revealed the Lazarus Group’s interest in and understanding digital currencies. North Korea’s hacker group uses cryptoworm (a class of malware that can travel between various nodes or computers without any direct user action) to promote the infection in computers. Moreover, the ransomware encrypted users’ files and displayed a ransom note demanding Bitcoin payments to unlock them. Thus, the widespread disruption caused by WannaCry demonstrated the group’s reach and its use of cryptocurrency as a payment method in cyber extortion.
Security Researcher Marcus Hutchins stopped this attack when his friend at a security research company received a copy of the virus. Eventually, he discovered a hardcode kill switch, ending this dangerous cyber attack.
At last, the US Department of Justice and British Authorities found North Korea’s Hacking Group, Lazarus Group, as guilty in it.
4. The 2019 BitThumb Hack
In September 2019, North Korean hackers made a significant theft from the South Korean cryptocurrency exchange BitThumb. The attack resulted in the loss of an undisclosed amount of Bitcoin and Ethereum. Eventually, North Korea’s hacker group stole around $7 million from this South Korean Exchange. Moreover, the hackers used phishing schemes and malware to gain access to the exchange’s systems. This heist reinforced the Lazarus Group’s reputation for targeting cryptocurrency exchanges and exploiting security weaknesses.
5. The 2020 KuCoin Hack
In September 2020, KuCoin, another major cryptocurrency exchange, suffered a breach that led to the theft of approximately $275 million worth of digital assets. The Lazarus Group was suspected to be behind this attack, which involved compromising private keys and transferring funds to various wallets. However, the stolen assets were quickly laundered through decentralized exchanges and mixers, highlighting the group’s sophistication in handling stolen cryptocurrencies.
6. 2023 Crypto Attacks
As per the report by Immunefi (a blockchain security platform), Lazarus Group stole around $300 million worth of cryptocurrency in hacking incidents alone in 2023. So, the primary cryptocurrency attacks involving Lazarus Group were:
Atomic Wallet Attack in June 2023, where Lazarus Groupe stole around $100 million (confirmed by the FBI)
Stake.com Hack in September 2023, where North Korea’s Hacker Group made a theft of $41 million worth of cryptocurrencies (confirmed by the FBI).
7. 2024 Cryptocurrency Attacks
In 2024, North Korea’s Hacker Group hacked WazirX (a local Indian cryptocurrency exchange), which stole around $234.5 million worth of crypto assets.
Takeaway
Today, North Korea’s hacker army remains a significant global threat. Their continued focus on cybercrime and cyber warfare reflects the regime’s strategic use of technology to achieve its objectives. As the digital landscape evolves, so too will the tactics of these cyber adversaries, making it essential for governments and organizations worldwide to bolster their cybersecurity measures.
With this, we would like to wrap up this blog post. Thanks for reading it!
‘The Blockchainist’ will be back with another interesting blog post about cryptocurrency. Also, explore our blog page to read more detailed blog posts covering various topics.