Bitcoin
$44,093.79+5.49%
Ethereum
$2,309.30+2.94%
Binance Coin
$232.63+1.76%
XRP
$0.62532096-0.12%
Solana
$63.65+3.62%
Cardano
$0.42682981+4.29%
Dogecoin
$0.09579712+5.58%
Avalanche
$26.29+15.65%
Tron
$0.10412340-0.28%
Chainlink
$16.14+1.49%
Toncoin
$2.36+2.28%
Polkadot
$5.96+6.14%
PlayIconNav
Crypto Prices CoinDesk Market Index CoinDesk Market Index
Technology

North Korea Hackers Likely Exploit Cloud Mining to Launder Stolen Crypto, Research Shows

The APT43 group steals crypto to fund operations and launders it through cloud mining services.

By Eliza Gkritsi
AccessTimeIconMar 28, 2023 at 3:00 p.m. UTC
Updated Mar 29, 2023 at 5:00 p.m. UTC
VolumeMuteUnmute
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

North Korean hacker group APT43 probably uses cloud mining services to launder stolen crypto, according to research by Google-owned cybersecurity firm Mandiant.

Cloud mining services own and operate infrastructure and rent out hashrate to users. Hashrate is a measure of the total amount of computer processing power to secure a cryptocurrency. APT43 uses stolen cryptocurrency to pay for these services and receives crypto not associated with the crime to wallets of its choice, according to the report released on Tuesday.

The group is "moderately sophisticated" and supports the strategic and nuclear objectives of the North Korean regime, according to Mandiant. It uses the proceeds from cybercrime to fund its operations, which target South Korean and U.S. government organizations, academics and think tanks focused on the geopolitics of the Korean peninsula, the report said.

To acquire the crypto, APT43 steals credentials, often by phishing attacks. That is, it creates legitimate-looking websites – for example, a site masquerading as a crypto exchange – and persuades unsuspecting users to reveal personal information.

North Korean hackers have been increasingly including crypto in their operations, often in high-profile digital heists like the $100 million Horizon Bridge theft, according to the FBI. Authorities around the world, particularly in the U.S. and South Korea, are trying to combat the threat.

Mandiant was acquired by Google and integrated into its cloud service in September 2022.

Read more: FBI: North Korean Hackers Behind $100M Horizon Bridge Theft

Edited by Sheldon Reback.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.

Eliza Gkritsi
Eliza Gkritsi

Eliza Gkritsi is a CoinDesk contributor focused on the intersection of crypto and AI.

Follow @egreechee on Twitter

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.