The North Korean cybercriminal group APT43 uses cloud computing to launder cryptocurrency, according to a report by the cybersecurity firm Mandiant. The group uses stolen cryptocurrency to mine clean cryptocurrency.
Mandiant has been observing the North Korean Advanced Persistent Threat (APT) group since 2018. However, the group has only recently “graduated” into its own identity. Mandiant described the group as a “major player” that frequently collaborated with other organisations.
Even though its main activity was listening in on South Korea, Mandiant found that APT43 was likely raising money for the North Korean regime and using illegal operations to pay for itself. The group has achieved success in these endeavours.
@Mandiant has graduated a new prolific group #APT43 which generally aligns to #kimsuky. Read more in the blog/report/webinar: https://t.co/GY2sx2wlSe https://t.co/VZbvGUYqKH https://t.co/5Mvk740woW
— Dan Perez (@MrDanPerez) March 28, 2023
Researchers identified the group’s possible use of hash rental and cloud mining services to launder stolen cryptocurrency into clean cryptocurrency.
Hash rental and cloud mining both entail renting cryptocurrency mining capacity. Mandiant says these services can be used to mine cryptocurrency into a wallet the buyer chooses, with no link on the blockchain to the buyer’s original payments.
Mandiant identified the payment methods, aliases, and addresses used by the group for purchases. The group used PayPal, American Express cards, and Bitcoin as payment methods, likely obtained from other operations.
APT43 was also implicated in using Android malware to steal the credentials of Chinese individuals seeking cryptocurrency loans. Additionally, the group maintains multiple sham websites for credential harvesting.
North Korea has been implicated in multiple crypto thefts, including the recent $195 million Euler exploit. According to the United Nations, North Korean hackers amassed a record sum of between $630 million and $1 billion in 2022. According to Chainalysis, this amount is at least $1.7 billion.