The North Korean cybercrime operator APT43 is using cloud computing to launder cryptocurrency, a report from cybersecurity service Mandiant has found. According to the researchers, the North Korean group uses “stolen crypto to mine for clean crypto.”
Mandiant, a Google subsidiary, has been tracking the North Korean Advanced Persistent Threat (APT) group since 2018 but has only now “graduated” the group to an independent identity. Mandiant characterized the group as a “major player” that often cooperated with other groups.
Although its main activity was spying on South Korea, Mandiant found that APT43 was likely engaged in raising funds for the North Korean regime and funding itself through its illicit operations. Apparently the group has been successful in those pursuits:
The researchers detected the North Korean group’s “likely use of hash rental and cloud mining services to launder stolen cryptocurrency into clean cryptocurrency.”
@Mandiant has graduated a new prolific group #APT43 which generally aligns to #kimsuky. Read more in the blog/report/webinar:https://t.co/GY2sx2wlSehttps://t.co/VZbvGUYqKHhttps://t.co/5Mvk740woW
Hash rental and cloud mining are similar practices that involve renting crypto mining capacity. According to Mandiant, they make it possible to mine crypto “to a wallet selected by the buyer without any blockchain-basedassociation to the buyer’s original payments.”
Mandiant identified payment methods, aliases, and addresses used for purchases by the group. PayPal, American Express cards and “Bitcoin likely derived from previous operations” were the payment methods the group used.
Related: South Korea sets independent sanctions for crypto theft against North Korea
In addition, APT43 was implicated in the
Read more on cointelegraph.com