North Korean hacker group APT43 probably uses cloud mining services to launder stolen crypto, according to research by Google-owned cybersecurity firm Mandiant.
Cloud mining services own and operate infrastructure and rent out hashrate to users. Hashrate is a measure of the total amount of computer processing power to secure a cryptocurrency. APT43 uses stolen cryptocurrency to pay for these services and receives crypto not associated with the crime to wallets of its choice, according to the report released on Tuesday.
The group is "moderately sophisticated" and supports the strategic and nuclear objectives of the North Korean regime, according to Mandiant. It uses the proceeds from cybercrime to fund its operations, which target South Korean and U.S. government organizations, academics and think tanks focused on the geopolitics of the Korean peninsula, the report said.
To acquire the crypto, APT43 steals credentials, often by phishing attacks. That is, it creates legitimate-looking websites – for example, a site masquerading as a crypto exchange – and persuades unsuspecting users to reveal personal information.
Mandiant was acquired by Google and integrated into its cloud service in September 2022.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.