North Korean Cybercrime Group APT43 Uses Cloud Mining Services to Launder Crypto

A hacker group linked to the Kim Jong-un regime, APT43, avoids leaving any “forensic trail” of stolen funds by using cloud mining services.

Cybersecurity firm Mandiant has reported that the North Korea-based cybercrime operator Advanced Persistent Threat 43 (APT43) is using “stolen crypto to mine for clean crypto.”

Mandiant, a Google-owned cybersecurity firm, has been tracking APT43 for the past five years and has identified it as a distinct threat group.

The group's activities suggest that its members are part of North Korea’s spy agency Reconnaissance General Bureau, whose primary activities include espionage, hacking private industries, think tanks, and academics in South Korea, Japan, the US, and Europe. The group employs phishing tactics to steal the victim’s credentials and install malware on their computer systems.

However, Mandiant discovered that APT43 also conducts profit-focused cybercrime on the side, including stealing cryptocurrency to raise funds for the North Korean regime or to fund the group’s own operations.

APT43 steals and launders enough cryptocurrency to buy operational infrastructure in a manner aligned with North Korea’s juche state ideology of self-reliance, therefore reducing fiscal strain on the central government.

The report reveals that APT43 pays the stolen digital tokens into a “hashing service” that lets users rent cloud-based mining capacity, receiving newly mined cryptocurrency in return. These new coins have no apparent ties to criminal activity.

This method allows the group to cash out the stolen funds while preventing them from being frozen or seized. Mandiant threat intelligence analyst Joe Dobson described the procedure as “breaking the chain,” explaining that it avoids leaving any “forensic trail of evidence” on the blockchain networks.
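To make the “breaking the chain” point concrete from an investigator’s side, here is an added example (not code from the article, Mandiant, or any blockchain-analytics product) of simple taint tracing over a constructed, simplified ledger. It follows stolen funds hop by hop, flags the transaction where they are deposited to a labeled cloud-mining service address, and then shows that the mined payout the launderer later receives has no on-chain path back to the victim, so the link survives only in the service’s own records. All addresses, transaction ids and amounts are placeholders constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample ledger (placeholder addresses and txids, not real chain data).
# Each entry: inputs are the addresses spending funds, outputs are (address, amount).
# "coinbase" marks a block-reward (newly mined) input with no spending address.
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["victim_hotwallet"], "outputs": [("thief_A", 50.0)]},
    {"txid": "t2", "inputs": ["thief_A"], "outputs": [("hop_B", 30.0), ("thief_A_change", 20.0)]},
    {"txid": "t3", "inputs": ["hop_B"], "outputs": [("MINING_SVC_DEPOSIT", 30.0)]},
    {"txid": "t4", "inputs": ["coinbase"], "outputs": [("pool_payout", 6.25)]},
    {"txid": "t5", "inputs": ["pool_payout"], "outputs": [("thief_fresh", 1.0)]},
]

# Hypothetical label set an analyst would maintain: service deposit address -> label.
SERVICE_LABELS = {"MINING_SVC_DEPOSIT": "cloud-mining service (placeholder)"}


def build_graph(txs):
    """Map each spending address to the set of addresses it paid."""
    edges = defaultdict(set)
    for tx in txs:
        for src in tx["inputs"]:
            for dst, _amount in tx["outputs"]:
                edges[src].add(dst)
    return edges


def trace_taint(txs, roots):
    """Breadth-first walk from the stolen-funds address(es).

    Returns {address: hop distance} for every address reachable by following
    transaction inputs to outputs. Anything not in the result has no on-chain
    link to the roots, which is exactly what the mining-service hop produces.
    """
    edges = build_graph(txs)
    distance = {root: 0 for root in roots}
    queue = deque(roots)
    while queue:
        current = queue.popleft()
        for nxt in edges[current]:
            if nxt not in distance:
                distance[nxt] = distance[current] + 1
                queue.append(nxt)
    return distance


def service_offramps(txs, tainted, service_labels):
    """List (txid, service address, label, amount) where tainted funds hit a labeled service.

    These are the points where the on-chain trail ends and the service's
    customer and payment records become the only remaining lead.
    """
    hits = []
    for tx in txs:
        if any(src in tainted for src in tx["inputs"]):
            for dst, amount in tx["outputs"]:
                if dst in service_labels:
                    hits.append((tx["txid"], dst, service_labels[dst], amount))
    return hits


if __name__ == "__main__":
    tainted = trace_taint(SAMPLE_TXS, ["victim_hotwallet"])
    for addr, hops in sorted(tainted.items(), key=lambda kv: kv[1]):
        print(f"{hops} hop(s): {addr}")
    for hit in service_offramps(SAMPLE_TXS, tainted, SERVICE_LABELS):
        print("off-ramp:", hit)
    # The mined payout and the address it funds never appear in the taint set.
    print("thief_fresh linked on-chain to victim:", "thief_fresh" in tainted)
```

The example stops where a real investigation would have to change method: once the taint set reaches a labeled service deposit, the next useful evidence is the service’s account and payment data rather than further chain analysis, which is why maintaining accurate labels for mining-service and exchange deposit addresses matters so much for detection.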

Mandiant started noticing signs of APT43’s crypto laundering activities in August 2022. Since then, it has identified tens of thousands of dollars worth of cryptocurrency sent to cloud mining providers such as Hashing24 and NiceHash.

The cybersecurity firm identified American Express cards, PayPal, and “Bitcoin likely derived from previous operations” as the payment methods used for various purchases.

APT43 is also accused of using Android malware to steal the credentials of customers looking for crypto loans in China.

It appears that North Korean hackers are also connected to a recent Euler Finance attack. On March 17th, the hacker behind the Euler Finance attack moved 100 Ether (ETH) to an address previously linked to North Korean hackers.
