- North Korean hacking group APT43 likely launders stolen crypto using cloud mining, a cybersecurity firm found.
- The group acquires crypto via targeted phishing attacks, like posing as a website or company.
APT43, a North Korean hacking group, is likely using cloud services to launder stolen cryptocurrency, according to a new report from Mandiant, a cybersecurity firm owned by Google.
The group is a "moderately-sophisticated cyber operator" that supports the interests of the North Korean regime, the researchers noted, and they use hacking and cybercrime to fund their activities.
Cloud mining services own infrastructure underpinning the technology that secures cryptocurrency. APT43, Mandiant found, uses stolen crypto to pay for these services, which it then uses to accrue crypto that isn't associated with crime.
"[T]he ultimate aim of campaigns is most likely centered around enabling North Korea's weapons program, including: collecting information about international negotiations, sanctions policy, and other country's foreign relations and domestic politics as these may affect North Korea's nuclear ambitions," the Mandiant report said.
The group acquires crypto via targeted phishing attacks, like posing as a website or company, to persuade people to share personal information that can then be exploited.
The news comes as other researchers have found a similar uptick in North Korean hacking activity this year. Kaspersky said in January that the Lazarus Group — which was responsible for the $625 million Axie Infinity hack last April — was mimicking venture capital firms and banks in an effort to swindle crypto.
"Over the last year or so, we've moved from a post 9/11 world into a new digital battlefield," Ari Redbord, head of legal and government affairs at TRM Labs, told Insider previously. "Nation-state actors know to go after crypto businesses to fund real weapon proliferation, it's not just some hackers trying to fund a lifestyle."