Cryptonews Altcoin News

$3B Worth Crypto Stolen by North Korean Hackers Since 2017: Report

Microsoft North Korea

The stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs.

Author

Sujha Sundararajan

Author

Sujha Sundararajan Verified

Part of the Team Since

Jun 2023

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Has Also Written

Stablecoin Inflows Have Doubled to $98B Amid Selling Pressure – Report
Bitcoin Miner MARA Moves 1,318 BTC in 10 Hours, Traders Wary of Forced Miner Selling
Bitwise Files S-1 With SEC to Launch Uniswap-Focused ETF, UNI Token Slumps 16%
Bhutan Quietly Sells Over $22M in Bitcoin, Triggers Speculation Over Possible Sell-Offs
Crypto Firms Propose Concessions to Banks as Stablecoin Disputes Stall Key Crypto Bill – Report

Author Profile

Last updated:

October 17, 2024

A recent study by Microsoft revealed that North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017. The heists total between $600 million and $1 billion in 2023 alone.

Microsoft’s Digital Defense Report for 2024 highlighted the complexity of the global cyber threat landscape, driven by increasing crypto attacks.

Per the report, unveiled Thursday, the stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs. White House Cyber Deputy National Security Advisor Anne Neuberger noted that North Korea’s misuse of these tactics is increasing.

The country uses cryptos “to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.”

Since 2023, Microsoft has identified three major North Korean threat groups Jade Sleet, Sapphire Sleet, and Citrine Sleet. These players have been particularly active in targeting cryptocurrency organisations, it added.

Additionally, Moonstone Sleet, a new North Korean threat actor, developed a custom ransomware variant called FakePenny. The notorious group deployed the ransomware at defence and aerospace organisations after exfiltrating data from the impacted networks.

Microsoft analysts noted that the emergence of threat actor groups suggests an increasing use of cybercriminal tools to boost the North Korean regime’s financial resources.

Microsoft Report Identifies Iranian, Russian Threat Actors

In addition to North Korean threat groups, the Microsoft report also identified Iranian nation-state threat actors seeking financial gains from scandalous cyber operations.

“This marks a change from previous behaviour, whereby ransomware attacks that were designed to appear financially motivated were actually destructive attacks,” the report read.

Iran placed significant focus on Israel, especially after the outbreak of the Israel-Hamas war. Iranian actors have continued to target the US and Gulf countries, including the UAE and Bahrain, the report added.

Additionally, Russian threat actor groups have integrated more commodity malware in their operations, outsourcing cyber espionage operations to criminal groups.