US Court Seizes 279 North Korea Crypto Accounts as Hackers Use New Malware

North Korean Crypto Hackers Use New Malware

Justice Timothy Kelly of the US District Court for the District of Columbia has ordered the seizure of 279 crypto accounts linked to North Korean operatives.

This action intensifies the battle against international money laundering and nuclear proliferation.

US Court Seizes 279 North Korea Crypto Accounts


The decision follows a series of US actions to disrupt the financial networks facilitating North Korea’s illicit activities. Initiated by the US government in August 2020, this case involved actors linked to North Korea transferring stolen crypto to exchanges and unhosted wallets outside the US.

These sophisticated operations obscure the origins of stolen currencies and convert them into hard cash, helping North Korea skirt sanctions.

In response, Washington has toughened its stance by sanctioning crypto mixers, services that make tracing the origins of stolen funds difficult. However, North Korean cybercrime groups have skillfully evaded US and international sanctions by devising new laundering methods.

These activities are part of a broader pattern of cyber heists targeting cryptocurrency exchanges. For instance, a single heist netted almost $250 million after an unwitting employee downloaded malware. This malware gave attackers remote access to manage virtual funds privately.

Moreover, in a recent report, cybersecurity firm Kaspersky described the new malware, Durian, as a tool for remote control and data theft. The malware uses legitimate security software used by crypto firms, which makes it more effective and harder to detect.

“With the help of Durian, first, the North Korean hackers introduced additional malware named ‘AppleSeed’, an HTTP-based backdoor commonly employed by the Kimsuky group. Furthermore, they incorporated legitimate tools, including ngrok and Chrome Remote Desktop, along with a custom proxy tool, to access target machines. Ultimately, the actor implanted the malware to pilfer browser-stored data, including cookies and login credentials,” Kaspersky explained.

Additionally, the United Nations has reported that between 2017 and 2023, North Korea amassed about $3 billion from crypto hacks. These funds significantly support Pyongyang’s weapons programs, including its nuclear and missile development efforts.

According to a UN panel of experts, this funding is critical as it represents nearly half of North Korea’s foreign currency revenue.
