North Korean hackers are stealing crypto assets by pretending to be venture capitalists

Posted on December 30, 2022 at 7:48 AM

Lazarus Group, a state-backed hacking group based in North Korea, has carried out several attacks on the crypto industry. A report by Kaspersky noted that the threat actor was impersonating venture capital firms to steal digital assets.

North Korean hackers pose as VCs to steal crypto

The report by Kaspersky noted that a group known as BlueNorOff was creating fake domains that appeared to belong to legitimate venture capital firms and banking institutions. The report noted that in most cases, the attackers created domains that looked like cloud hosting services to host malicious payloads or documents.

The report added that the VC firms that the hackers mainly impersonated were based in Japan. These companies include ABF Capital, Angel Bridge, ANOBAKA, Beyond Next Ventures, Mitsubishi UFJ Financial Group, Sumitomo Mitsui Banking Corporation, and Z Venture.

The nature of these attacks shows that the threat actors were targeting financial institutions based in Japan. Most impersonated companies were Japan-based, showing that the hackers’ interests were in the Japanese crypto market.

Kaspersky has also noted that the attackers target victims outside Japan. One of the victims affected by the techniques employed by BlueNorOff was a home financing firm based in the United Arab Emirates.

The report further noted that the hackers infected the victims’ devices through malware. The malware had a Japanese name, indicating that the threat actors targeted victims who could read Japanese.

“Based on the domain naming and decoy documents, we assume, with low confidence, that the entities in Japan are on the radar of this group. In one PowerPoint sample, we observed that the actor took advantage of a Japanese venture capital company,” the Kaspersky report added.

North Korean hackers target crypto

The recent attack was unique as it targeted VC firms to steal cryptocurrencies. However, this is far from the first time North Korean hackers have launched attacks on the crypto market.

In early 2022, the Sky Mavis Ronin Bridge was hacked, with the attackers draining more than $600 million from the platform. It was later revealed that the Lazarus APT group was behind the exploit, which ranks as one of the largest attacks in crypto.

A recent report by South Korea’s National Intelligence Service also revealed that North Korean hackers had siphoned around $1.2 billion from the cryptocurrency market over the past five years. Over 50% of this amount was stolen in 2022 alone.

According to experts, North Korea has turned to hacking the crypto industry and engaging in other cyberattacks to support the country’s economy, which has been affected by heavy Western sanctions. An earlier report had also alleged that North Korea was using the stolen cryptocurrencies to fund its nuclear program.

According to the National Intelligence Service, North Korea has a high capacity to steal digital assets, as the country ranks among the best globally at cybercrime. Cybercrime in North Korea skyrocketed after the UN tightened economic sanctions against the country in response to its nuclear and missile testing programs.

The UN imposed sanctions against North Korea between 2016 and 2017. The sanctions banned some of the country’s main exports, including seafood, coal, and textiles. The move also led to one of the UN member states repatriating North Korean overseas workers. The economy of North Korea was affected by this move, and it was further affected by aggressive measures that were put in place during the COVID pandemic.

The NIS has also said that North Korean hackers sponsored by the state are estimated to have stolen $626 million in crypto assets in 2022 alone. The agency also noted that over $78 million was stolen from the South Korean crypto sector.

The agency further noted that more cyberattacks launched by North Korea would be witnessed in the coming year. Besides targeting the crypto industry, these hackers would also target other areas, such as South Korean technologies and confidential information on the foreign policy and national security of South Korea.

In February, UN experts said North Korea was stealing hundreds of millions of dollars from financial institutions and firms that offered crypto services.

On the other hand, the number of hacks and scams in the crypto industry has been high this year despite the bear market, which has caused a sharp drop in prices and significant losses to investors. 2022 has been one of the worst years for the crypto space regarding cyberattacks.
