The country with the lowest Internet penetration rate in the world: why is the North Korean hacker group Lazarus so powerful? Repeatedly breaking through the security nets of major companies, Lazarus has become Kim Jong-un's money-making machine for developing nuclear weapons

This article is machine translated

Cryptocurrency exchange Bybit was hacked on February 21, 2025, with roughly 400,000 ETH, worth nearly $1.5 billion, stolen, making it the largest theft in cryptocurrency history. The group behind the attack is the notorious North Korean state-sponsored hacker group Lazarus Group.

For years, the community has wondered how North Korea, an authoritarian state that faces sanctions from many countries and strictly controls its people's access to information and the Internet, can still produce a team with world-class hacking skills. This article discusses the possible reasons with readers.

Why North Korea Can Spawn the Hacker Organization Lazarus

According to The Economist (June 2022 and March 19, 2023), the core reason Lazarus could emerge and grow into one of the most threatening cybercrime organizations in the world inside the closed country of North Korea is strong support from the North Korean government; it is even rumored that North Korean leader Kim Jong-un regards it as "an all-purpose sword" that can expand North Korea's advantages in asymmetric warfare.

Specifically, the North Korean government's support for Lazarus includes:

  • Part of the North Korean government's intelligence agency, the Reconnaissance General Bureau (RGB): relevant research shows that Lazarus operates under the RGB, which oversees and directs the country's cyber-warfare activities, so its hacking is directly sponsored by the state and not subject to any legal constraint inside North Korea, unlike hacking groups in other countries, which may be exposed to international pressure and government intervention.
  • Systematic professional cultivation: North Korea trains Lazarus members in a very systematic way, including:
    • 1) Prospective members are selected from a young age, around 10 years old, and sent to special schools for concentrated study.
    • 2) North Korea has established several relevant educational institutions, including Kim Chaek University of Technology and Kim Il-sung University, and after completing university some students are sent to even more advanced institutions for further study.
    • 3) Because there is no free Internet in North Korea, these students are also sent to other countries, such as China, for practical training.
  • Generous treatment: the North Korean government gives members of the hacker organization very generous treatment, including exemption from military service and good housing.

Another possible reason is a difference in internal motivation. Life in North Korea is hard, and even a small mistake can be punished by death. Ordinary criminal hackers may be motivated by money, but these hackers may be motivated by the need to survive, and so they go to great lengths to breach the security defenses of their targets.

Experts point out that North Korea faces economic sanctions from the international community, and stolen cryptocurrency has become a lifeline for the country. The Economist estimated that in 2023 North Korea's income from cyber theft accounted for half of its foreign exchange earnings, and that these illicit funds are used to consolidate Kim Jong-un's regime and to develop missiles and nuclear weapons.

What are the common attack methods of North Korean hackers?

  • Phishing attacks: using carefully crafted emails, they target specific individuals (such as corporate executives, IT staff, or employees of cryptocurrency platforms) with personalized messages that lure them into clicking malicious links or opening attachments.
  • Malware deployment: North Korean hackers are skilled at developing and deploying custom malware to steal from, disrupt, or extort target systems. Common examples include ransomware and trojans.
  • Exploiting system vulnerabilities: they search for and exploit known and zero-day vulnerabilities in software or networks to bypass security defenses.
  • Social engineering attacks: by impersonating identities or building trust relationships, they induce targets to hand over sensitive information or perform dangerous operations.
  • DDoS attacks: flooding target servers with traffic so that they cannot function normally, often as a distraction or as retaliation.
  • Money laundering and fund transfers: finally, North Korean hackers are well versed in money laundering, often using complex laundering networks, including cryptocurrencies, to convert stolen funds into cash or obscure their origin. As Elliptic analyst Tom Robinson told The Economist, "Lazarus is the most experienced crypto-money launderer we've ever encountered..."

The Global Malicious Record of North Korean Hackers

The famous attacks launched by the North Korean hacker group Lazarus include, but are not limited to, the following:

  • The earliest known attack attributed to North Korean hackers was "Operation Troy" (2009 to 2012), a cyber-espionage campaign that also used DDoS attacks against the South Korean government.
  • In 2014, the group attacked Sony Pictures, leaking confidential data and taking down its network, in retaliation for the release of the film "The Interview".
  • Attacks on major banks, including the theft of $12 million from Banco del Austro in Ecuador and an attempted transfer of about $1 million out of Tien Phong Bank in Vietnam.
  • In 2017, they launched WannaCry, a global ransomware attack that affected more than 150 countries and caused significant damage to healthcare systems and business operations.
  • In the cryptocurrency sector, in addition to the Bybit exchange theft earlier this year, the Ronin network, which hosts Axie Infinity, was previously robbed of about $620 million in cryptocurrency.

Finally, Blockcast reminds readers that in the Internet era hacker attacks are everywhere, and cryptocurrency is a prime target because stolen funds can be taken directly. Readers should therefore be cautious when browsing the Internet or investing in cryptocurrencies to avoid unnecessary losses.

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.