$3B Worth Crypto Stolen by North Korean Hackers Since 2017: Report

Author

Sujha Sundararajan

A recent study by Microsoft revealed that North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017. The heists totaled between $600 million and $1 billion in 2023 alone.

Microsoft’s Digital Defense Report for 2024 highlighted the complexity of the global cyber threat landscape, driven by increasing crypto attacks.

Per the report, unveiled Thursday, the stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs. White House Cyber Deputy National Security Advisor Anne Neuberger noted that North Korea’s misuse of these tactics is increasing.

The country uses crypto “to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.”

Since 2023, Microsoft has identified three major North Korean threat groups: Jade Sleet, Sapphire Sleet, and Citrine Sleet. These players have been particularly active in targeting cryptocurrency organisations, it added.

Additionally, Moonstone Sleet, a new North Korean threat actor, developed a custom ransomware variant called FakePenny. The notorious group deployed the ransomware at defence and aerospace organisations after exfiltrating data from the impacted networks.

Microsoft analysts noted that the emergence of threat actor groups suggests an increasing use of cybercriminal tools to boost the North Korean regime’s financial resources.

Microsoft Report Identifies Iranian, Russian Threat Actors

In addition to North Korean threat groups, the Microsoft report also identified Iranian nation-state threat actors seeking financial gains from scandalous cyber operations.

“This marks a change from previous behaviour, whereby ransomware attacks that were designed to appear financially motivated were actually destructive attacks,” the report read.

Iran placed significant focus on Israel, especially after the outbreak of the Israel-Hamas war. Iranian actors have continued to target the US and Gulf countries, including the UAE and Bahrain, the report added.

Additionally, Russian threat actor groups have integrated more commodity malware in their operations, outsourcing cyber espionage operations to criminal groups.
