FBI Confirms Lazarus Group Was Behind $100m Harmony Hack

The US Federal Bureau of Investigation (FBI) has confirmed that the North Korean Lazarus Group and APT28 were behind the $100 million theft from cryptocurrency company Harmony, revealed in June 2022.

The bureau wrote on its official blog on Monday that it had found that North Korean cyber attackers used the privacy protocol Railgun to launder more than $60 million in Ethereum (ETH) stolen during the robbery.

“Some of this stolen Ethereum was then sent to multiple virtual asset service providers and converted to Bitcoin (BTC),” it said.

The FBI also said that while some of these funds were frozen (in conjunction with some virtual asset service providers), the remaining bitcoins were eventually moved to 11 identified addresses.

“FBI Los Angeles and FBI Charlotte […] We will continue to identify and disrupt North Korea’s theft and laundering of cryptocurrencies used to support its ballistic missile and weapons of mass destruction programs,” the bureau wrote.

According to Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, Lazarus is known to steal cryptocurrency by abusing machine identities, so the attribution of the Harmony attack is not surprising.

“In disclosing the breach, Harmony provided evidence that the private key (a core component of the machine identity) had been compromised, opening the door for Lazarus to decrypt the data and siphon off the funds. This shows the power of machine identities in the wrong hands.”

Bocek further explained that Venafi’s research showed that attacks from North Korean threat groups were often financially motivated.

“Cybercrime has become a vital cog in the survival of Kim’s dictatorship, allowing North Korea to evade international sanctions and fund its weapons programme,” the security expert added.

“Companies that offer financial interests to North Korean threat groups are likely targets, especially in the relatively loosely regulated cryptocurrency industry.”

The possibility that Lazarus Group was behind the $100 million Harmony hack was first proposed by blockchain analytics firm Elliptic, days after the breach was revealed.

Recently, the threat actors have been linked to a Dell driver vulnerability and a series of macOS malware infections.
