A North Korean hacking group called APT43 has been found to rely on cryptocurrency, according to a March 28 report from the security company Mandiant.
APT43 uses cryptocurrencies
Mandiant said that while APT43’s main purpose is espionage, the group also engages in various types of crime, both related and unrelated to crypto.
Mandiant said that APT43 steals user credentials through phishing, that is, by impersonating online services such as crypto exchanges and search engines. For example, APT43 at one point created a malicious app to target Chinese users looking for crypto loans.
Mandiant’s report also said that APT43 is using cryptocurrency services to launder stolen currency. It added that the hacking group also hires cloud mining services to obtain cryptocurrency that cannot be linked to the original payment method.
Mandiant said APT43’s methods are connected to other groups or “clusters.” Crypto-related malware such as PENCILDOWN and LONEJOGGER has been shared this way.
Who is at risk and how big is the threat?
Mandiant said APT43 often targets South Korea, the US, Japan and Europe. The group primarily uses spear-phishing messages to target individuals within organizations. It is not known to exploit zero-day vulnerabilities through direct hacks.
Mandiant’s report does not mention how much money APT43 stole, in total or in cryptocurrency. However, Mandiant says that APT43 stole enough cryptocurrency to operate in a self-sufficient, self-funding manner.
Although APT43 has only just come to public attention, it has been active for years. Mandiant said the group has been tracked since 2018. In 2021, the group focused largely on attacks related to the health sector to capitalize on pandemic responses.
While not all users are necessarily a potential target for APT43, cryptocurrency investors should still take precautions against scams and fraud in general.
The post North Korean hacking group APT43 found to rely on cryptocurrency crime appeared first on CryptoSlate.