N. Korean hacking group Kimsuky funds Pyongyang's espionage operations through cybercrimes

This image provided by Mandiant highlights the North Korean hacker group APT43, also known as Kimsuky. Yonhap

A North Korean hacking group known as Kimsuky has hacked cryptocurrency to fund the country's espionage operations related to its nuclear program, Mandiant, Google's cybersecurity unit, said Tuesday.

In a recently published report, Mandiant said it has tracked the state-backed hacker group, classified as APT43, over the past five years and found out that Kimsuky has committed cybercrimes to financially support Pyongyang's nuclear weapons program.

"This is a group that has done some cybercrime particularly targeting cryptocurrency," said Luke McNamara, principal analyst at Mandiant, in an online press conference for South Korean media. "We believe their primary mission is cyber espionage, gathering secrets for the North Korean government, particularly around nuclear policy."

He said APT43 is part of the Reconnaissance General Bureau (RGB) in the North Korean government, along with other secret operations groups like APT38, Temp Hermit and Andariel, which are widely called Lazarus.

Those groups are believed to share malware and hacking codes to carry out their mission to bring in money for the North Korean government to fund the weapons program.

"APT43 carries out a variety of different financially motivated activity, primarily focused on stealing cryptocurrency within this category of activity," he said. "And one of the things they do to try to make that cryptocurrency that they have stolen more difficult to trace by law enforcement is by rolling that into or using that to pay for cloud mining or hash rental services."

They laundered the stolen cyber money through cloud mining services, allowing the country to disrupt the trail of those stolen funds.

He noted that North Korea has used the laundered money to collect information about nuclear weapons by sending spear-phishing emails targeting policymakers or researchers in South Korea and the United States to ask for in-depth analysis of North Korean issues.

"They didn't even send any malware. They simply asked someone who was working on policy matters to provide their strategic analysis of what was going on," he said. "And a lot of targets who had been sent emails like this have freely responded and given responses to APT43, which as we know is North Korea's RGB."

Luke McNamara, principal analyst at Mandiant, is shown in this photo provided by Mandiant. Yonhap

APT43 has also approached global pharmaceutical firms to get information on COVID-19 vaccines and treatment during the pandemic.

"Particularly since 2020, they targeted pharmaceuticals when the pandemic started and when there was a lot of work on vaccine treatments and other treatments for COVID-19," he said.

North Korea's cybercrimes will be more active and versatile from now on as they are playing a crucial role in giving financial support to the North Korean government, which is currently intensifying military provocations amid signs of a looming nuclear test.

"We expect APT43 will continue to be very prolific and very active, carrying out its mission of espionage," he said. "As North Korea continues its weapons program and as North Korea continues its missile tests, we expect APT43 to continue carrying out its operations because this is a key part of what this group is supporting." (Yonhap)

最新评论