North Korean hackers are renting cloud-based mining services to launder their stolen crypto funds amid the recent clampdown on crypto mixing services.
According to a report by Google-owned cybersecurity firm Mandiant, Pyongyang-based hacking group APT43, also known as Kimuski, buys cloud mining services with its stolen funds to produce clean crypto with no blockchain-based connections for law enforcement to trace.
“APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance, therefore reducing fiscal strain on the central government.”
Cloud mining services allow users to mine cryptocurrencies such as Bitcoin using rented cloud computing power without installing or directly running the hardware and related software.
This saves miners from having to buy and set up their own local mining rigs.
Mandiant, which has been tracking the North Korean Advanced Persistent Threat (APT) group since 2018, characterized the group as a “major player” that often cooperated with other groups.
However, the security firm noted that APT43 most likely carries out phishing attempts to fund its own operations in contrast to other North Korean groups such as APT38, which are likely primarily tasked to bring in funds for the regime.
“Associated activity included identified payment methods, aliases, and addresses used for purchases, and the likely use of hash rental and cloud mining services to launder stolen cryptocurrency into clean cryptocurrency.”
Mandiant also noted that the group used several payment methods to purchase infrastructure and hardware including PayPal, American Express cards, and other services that can be used for future attacks.
In particular, the group uses stolen funds to register domains impersonating popular search engines, web platforms, and cryptocurrency exchanges aimed at gathering credentials that can be used for future phishing attempts.
According to the report, the group launched multiple credential collection campaigns last year targeting academics, journalists, politicians, bloggers, and other private-sector individuals, primarily in South Korea.
North Korean Hackers Responsible for Major Crypto Thefts
North Korean hacking groups account for a huge portion of illicit cyber activities. The state-sponsored hackers are also deemed responsible for some of the biggest crypto heists ever.
Earlier this year, the White House said that North Korean hackers had stolen more than $1 billion worth of crypto in the past two years, adding that Pyongyang has used the funds to support its missile program.
The US government has also claimed that the North Korean hacking group Lazarus was responsible for the hack of Axie Infinity’s Ronin blockchain that saw hackers make off with about $625 million worth of Ethereum and USDC.
However, North Korea has repeatedly denied that it seeks to hack crypto and has refuted accusations surrounding the Lazarus group, which has previously been accused of masterminding the 2014 hack of Sony Pictures and the 2017 Wannacry ransomware attacks.