North Korean hackers are renting cloud-based mining services to launder their stolen crypto funds amid the recent clampdown on crypto mixing services.
According to a report by Google-owned cybersecurity firm Mandiant, Pyongyang-based hacking group APT43, also known as Kimsuky, uses its stolen funds to buy cloud mining services and produce clean crypto that has no blockchain-based connections for law enforcement to trace.
“APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance, therefore reducing fiscal strain on the central government.”
Cloud mining services allow users to mine cryptocurrencies such as Bitcoin using rented cloud computing power without installing or directly running the hardware and related software.
This saves miners from having to buy and set up their own local mining rigs.
Mandiant, which has been tracking the North Korean Advanced Persistent Threat (APT) group since 2018, characterized the group as a “major player” that often cooperated with other groups.
However, the security firm noted that APT43 most likely carries out phishing attempts to fund its own operations, in contrast to other North Korean groups such as APT38, which are likely tasked primarily with bringing in funds for the regime.
“Associated activity included identified payment methods, aliases, and addresses used for purchases, and the likely use of hash rental and cloud mining services to launder stolen cryptocurrency into clean cryptocurrency.”
Mandiant also noted that the group used several payment methods, including PayPal, American Express cards, and other services, to purchase infrastructure and hardware that can be used for future attacks.