North Korean hacking group APT43 found to rely on cryptocurrency crime
A report from security firm Mandiant has found that a North Korean hacking group called APT43 relies on cryptocurrencies. March 28th.
APT43 uses cryptocurrencies
According to Mandiant, APT43’s main purpose is espionage, but the group is also involved in various types of crime, both cryptocurrency-related and non-cryptocurrency-related.
According to Mandiant, APT43 steals user credentials through phishing, which involves impersonating online services such as cryptocurrency exchanges or search engines. For example, APT43 at one point created a malicious app targeting Chinese users seeking cryptocurrency loans.
The Mandiant report says APT43 uses cryptocurrency services to launder stolen currency. The report added that the hacking group also rents cloud mining services to obtain cryptocurrencies that cannot be linked to the original payment method.
Mandiant says APT43’s techniques are connected to other groups or “clusters.” Crypto-related malware such as PENCILDOWN and LONEJOGGER is shared this way.
Who is at risk and how big is the threat?
According to Mandiant, APT43 often targets South Korea, the United States, Japan and Europe. The group primarily uses spear-phishing messages to target individuals within organizations. It is not known to exploit zero-day vulnerabilities through direct hacking.
Mandiant’s report does not state the total amount of cryptocurrency stolen by APT43. However, Mandiant says APT43 has stolen enough cryptocurrency to become self-sufficient and self-funded.
APT43 has only just entered the public eye, but has been around for years. Mandiant said it has been tracking the group since 2018. The group focused primarily on attacks related to the healthcare sector to take advantage of the pandemic response in 2021.
Not all users are necessarily potential targets of APT43, but cryptocurrency investors should take precautions against common scams.