date 2022-04-16

FBI accuses North Korean hackers of stealing more than $600 million

(CNN) — The FBI on Thursday blamed cybercriminals associated with the North Korean government for stealing more than $600 million in cryptocurrency last month from a video game company, the latest in a series of daring cyber heists linked to Pyongyang.



“Through our investigation we were able to confirm that Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the $620 million Ethereum theft reported on March 29,” the FBI said in a statement. “DPRK” is an abbreviation of the official name of North Korea, the Democratic People’s Republic of Korea, and Ethereum is a technology platform associated with a type of cryptocurrency.

The FBI was referring to the recent hack of a computer network used by Axie Infinity, a video game that allows players to earn cryptocurrency. Sky Mavis, the creator of Axie Infinity, announced on March 29 that unidentified cybercriminals had stolen on March 23 the equivalent of about $600 million, valued at the time the hack was discovered, from a “bridge,” or network that allows users to send cryptocurrencies from one blockchain to another.

The US Treasury Department on Thursday sanctioned the Lazarus Group, a large group of cybercriminals believed to be working on behalf of the North Korean government. The Treasury sanctioned the specific “wallet,” or cryptocurrency address, that was used to cash out in the Axie Infinity hack.

Cyber attacks have been a major source of revenue for the North Korean regime for years as its leader Kim Jong Un has pushed ahead with nuclear weapons, according to a United Nations panel and outside cybersecurity experts.

Last month, North Korea fired what is believed to be its first intercontinental ballistic missile in more than four years.

The Lazarus Group has stolen an estimated $1.75 billion worth of cryptocurrency in recent years, according to Chainalysis, a firm that tracks digital currency transactions.

“A hack of a cryptocurrency business, as opposed to a retail one, for example, is essentially a bank robbery at internet speed and finances North Korea’s destabilizing activity and weapons proliferation,” said Ari Redbord, head of legal affairs of TRM Labs, a firm that investigates financial crimes. “As long as they are successful and profitable, they will not stop.”

While the attention of many cybersecurity analysts has focused on Russian hacking in light of the war in Ukraine, suspected North Korean hackers have been anything but quiet.

Google researchers last month revealed two alleged North Korean hacking campaigns targeting American media and IT organizations, and the cryptocurrency and fintech sectors.

It is Google’s policy to notify users that they are targeted by state-sponsored hackers.

Shane Huntley, who heads Google’s Threat Analysis Group, said that if a Google user has “any link to being involved in Bitcoin or cryptocurrencies” and receives a Google warning about state-backed hacking, it almost always ends up being for some North Korean activity.

“It seems to be an ongoing strategy for them to supplement and make money through this activity,” Huntley told CNN.