Microsoft’s recent report has revealed some alarming facts about North Korea’s cyberattacks specifically targeted at cryptocurrency organizations.
North Korean hackers stole more than 3 billion dollars in cryptocurrency assets since 2017. Significant thefts are expected in 2023.
This report also revealed that these funds were used to finance over half of North Korea’s nuclear and missile program, showing the link between cybercrime as well as the country’s geopolitical goals.
Cyberattacks by other countries, such as Iran and Russia are also a high profile part of the threat landscape.
North Korean cyber theft will reach $1 billion by 2023.
Microsoft’s Digital Defense Report 2024 shows that North Korean hackers are becoming more aggressive when it comes to attacking cryptocurrency platforms.
Crypto assets worth between 600 million dollars and one billion dollars were stolen in 2023, which funded more than half the North Korean nuclear and missile programs.
North Korea can use this significant resource to avoid international sanctions and achieve its strategic goals around the world.
These attacks generate funds that are crucial to North Korea, and directly support its development of nuclear weapons.
Microsoft’s report highlights three North Korean hacker group Jade Sleet. Sapphire Sleet and Citrine Sleet are also mentioned.
Since 2023, these groups have targeted cryptocurrency exchanges and blockchain companies as well as digital wallets.
Moonstone Sleet is a North Korean group that has recently emerged as a threat. They have developed an unique variant of ransomware called FakePenny. This has been used against aerospace and defense firms.
North Korea has been able to use the attacks not only as a means of disrupting critical industries, but also for syphoning financial resources and thereby strengthening its regime.
Moonstone Sleet, a custom-made ransomware that has risen in popularity
Moonstone Sleet, a North Korean ransomware, has been spotted in cyberspace. Its custom variant FakePenny is designed to target highly specific attacks.
The group is primarily targeting the defense and aerospace industry, stealing sensitive information from compromised systems prior to deploying ransomware.
FakePenny’s ability to avoid traditional detection techniques makes it an important tool in North Korea’s cyber arsenal.
North Korea is committed to using cyber-tools and ransomware to achieve its geopolitical objectives.
Iranian and Russian cyber-actors add to global threats
Microsoft’s cyber-threat report identifies Iranians and Russians as major players on the global cyber-threat landscape.
Iranian hackers are increasingly motivated by geopolitical tensions and have targeted Israel, US and Gulf countries like UAE and Bahrain.
The actors are now focusing on financial motives, as opposed to destructive ransomware attacks. This reflects their increasing interest in financing cyber operations.
Russian cyber-espionage groups have outsourced their operations and adopted commodity malware. This has further complicated the cybersecurity landscape around the world.
Cybercriminals from North Korea, Iran, and Russia are a good example of the increasing intersection between cybercrime, geopolitical interests, and cybercrime.
North Korea’s ability to fund its nuclear weapons programme through crypto-theft highlights the dependence of the country on cyberattacks in order to avoid economic sanctions.
Cybercrime has also become a part of statecraft, as demonstrated by Iran’s cyber-operations against geopolitical enemies and Russia’s outsourced espionage.
The global cyber landscape will become increasingly complex as nation-states rely more on cyberattacks in order to achieve their strategic objectives.
Global governments and organisations have been prompted to strengthen their cybersecurity defences by the scale and sophistication these cyberattacks. The report does highlight the difficulties of dealing with a threat that is constantly evolving and dynamic.
The ICD published the report North Korean hackers stole $3B worth of crypto in 2017