The cryptocurrency exchange Bybit suffered a devastating hack in February 2025, with nearly $1.5 billion in cryptocurrency stolen by the North Korean hacker group Lazarus, the largest theft in the history of cryptocurrency. Given that the general public in North Korea is almost entirely barred from using computers and the internet, how is Lazarus able to breach the security of major global enterprises again and again?
The cryptocurrency exchange Bybit was attacked on February 21, 2025, resulting in the theft of roughly 400,000 ETH, valued at nearly $1.5 billion at the time, making it the largest hacking theft in the history of cryptocurrency. The perpetrator behind this cyber financial crime is the notorious North Korean hacker group Lazarus.
For years, the community has been curious about how North Korea, as a centralized state not only subjected to sanctions from multiple countries but also extremely closed off internally, can give rise to a team possessing world-class hacking technology. This article discusses possible reasons behind this phenomenon.
Why North Korea Can Give Rise to Hacker Organization Lazarus
According to two reports from The Economist, published in June 2022 and on March 19, 2025, the core reason Lazarus has been able to emerge from within North Korea and grow into one of the world’s most threatening cybercrime organizations is the full support of the North Korean government. There are even rumors that North Korea’s supreme leader Kim Jong-un regards it as “a universal sword” that can strengthen North Korea’s hand in asymmetric warfare.
Specifically, the North Korean government’s support for Lazarus includes:
- Affiliation with North Korea’s official intelligence agency, the Reconnaissance General Bureau (RGB): Research shows that Lazarus is directly supported by the North Korean government, with the RGB overseeing and directing the country’s cyber warfare activities. The group’s hacking is therefore not constrained by domestic law, and, unlike in other countries, the government does not rein it in under international pressure.
- Systematic professional training: North Korea provides systematic technical training for Lazarus members, including:
  - Hacker members are selected from a young age, often sent to special schools for concentrated study at around the age of 10.
  - North Korea has established multiple relevant educational institutions, including Kim Chaek University of Technology and * University, and after completing their university education, some students are sent to even higher-level institutions for further studies.
  - Because there is no free internet in North Korea, these students are also sent to other countries, such as China, for practical training.
- Generous treatment: The North Korean government offers generous benefits to members of the hacker organization, including exemptions from military service and provision of good housing.
Another possible reason is a different internal motivation. Life in North Korea is hard, and even a small mistake can lead to a death sentence. While ordinary hackers may conduct cyberattacks for financial gain, these hackers may be acting to survive, which drives them to break through the defenses of major organizations by any means necessary.
Experts point out that North Korea faces economic sanctions from the international community, and the stolen cryptocurrency has already become the lifeblood of the country. The Economist estimates that in 2023, North Korea’s cyber theft profits accounted for half of its foreign exchange income, and these ill-gotten gains are used to bolster Kim Jong-un’s regime and to develop missiles and nuclear weapons.
Common Attack Methods Used by North Korean Hackers
- Phishing Attacks: Using carefully designed emails, targeting specific individuals (such as corporate executives, IT personnel, or cryptocurrency platform employees) with personalized messages to trick them into clicking malicious links or downloading attachments.
- Malware Deployment: North Korean hackers are adept at developing and deploying specialized malware to steal from, destroy, or extort targeted systems. Common types include ransomware and Trojans.
- Exploiting System Vulnerabilities: They search for and exploit known and zero-day vulnerabilities in software or networks to bypass security controls.
- Social Engineering Attacks: By disguising their identities or establishing trust, they trick targets into providing sensitive information or performing dangerous actions.
- DDoS Attacks: This involves overwhelming a target server with massive traffic, rendering it inoperable, often used as a distraction or revenge tactic.
- Money Laundering and Fund Transfers: It is also worth noting that North Korean hackers are well-versed in the money laundering process. They often use complex laundering networks, including cryptocurrencies, to convert stolen funds into cash or obscure their origins. Tom Robinson, an analyst at the UK blockchain analysis firm Elliptic, told The Economist: “Lazarus is the most experienced cryptocurrency money launderer we’ve encountered…”
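To make the last point concrete, here is an added example (not code from the original article, Elliptic, or any other firm mentioned) of the "haircut" taint-propagation technique that blockchain analysts use to follow stolen funds through splits and mixing. The ledger, address labels, and amounts are constructed for illustration and are not real transactions; the theft is modelled as a single transfer out of an exchange hot wallet, and the ledger is assumed to be in chronological order.

```python
"""Haircut taint tracing over a constructed transaction ledger.

Each outgoing transfer carries the same tainted fraction as the sender's
cumulative inflows at the moment it is sent. Mixing tainted and clean inflows
at one address (a "mixer") dilutes the fraction, which is exactly what
launderers rely on and what analysts must account for.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    src: str
    dst: str
    amount: float


# Constructed sample ledger: labels, not real addresses; amounts are arbitrary.
LEDGER = [
    Tx("exchange_hot", "thief1", 1000.0),    # the theft itself
    Tx("thief1", "split_a", 600.0),          # peel the loot into two branches
    Tx("thief1", "split_b", 400.0),
    Tx("split_a", "mixer_in", 600.0),        # tainted deposit into a pool
    Tx("clean_user", "mixer_in", 600.0),     # unrelated clean deposit, same pool
    Tx("mixer_in", "cashout_1", 600.0),      # pool pays out to two endpoints
    Tx("mixer_in", "cashout_2", 600.0),
    Tx("split_b", "otc_desk", 400.0),        # other branch goes straight to OTC
    Tx("victim_unrelated", "merchant", 50.0),  # noise: never touches stolen funds
]

THEFT = LEDGER[0]  # the transfer that drained the hot wallet


def trace_taint(ledger, theft):
    """Return (tainted_in, total_in, edges) for the ledger.

    tainted_in[addr] / total_in[addr] is the fraction of addr's inflows that
    derive from the theft; edges lists every transfer carrying tainted value.
    """
    total_in = defaultdict(float)
    tainted_in = defaultdict(float)
    edges = []  # (src, dst, tainted_amount)
    for tx in ledger:
        if tx is theft:
            frac = 1.0                       # origin: fully stolen
        elif total_in[tx.src] > 0:
            frac = tainted_in[tx.src] / total_in[tx.src]
        else:
            frac = 0.0                       # sender never received taint
        tainted = tx.amount * frac
        total_in[tx.dst] += tx.amount
        tainted_in[tx.dst] += tainted
        if tainted > 0:
            edges.append((tx.src, tx.dst, tainted))
    return dict(tainted_in), dict(total_in), edges


def taint_fraction(tainted_in, total_in, addr):
    """Share of addr's inflows attributable to the theft (0.0 if none)."""
    total = total_in.get(addr, 0.0)
    return tainted_in.get(addr, 0.0) / total if total else 0.0


def tainted_paths(edges, origin, min_amount=0.0):
    """Enumerate every hop-by-hop path along which tainted value leaves origin."""
    by_src = defaultdict(list)
    for src, dst, amt in edges:
        if amt >= min_amount:
            by_src[src].append((dst, amt))
    paths = []

    def walk(node, path, visited):
        outs = by_src.get(node, [])
        if not outs:                         # terminal endpoint (cash-out, OTC)
            paths.append(path)
            return
        for dst, amt in outs:
            if dst in visited:               # guard against circular transfers
                continue
            walk(dst, path + [(dst, amt)], visited | {dst})

    walk(origin, [(origin, None)], {origin})
    return paths


def report(ledger=LEDGER, theft=THEFT):
    """Summarise tainted value per address and the paths it travelled."""
    tainted_in, total_in, edges = trace_taint(ledger, theft)
    summary = {a: round(v, 2) for a, v in tainted_in.items() if v > 0}
    return summary, tainted_paths(edges, theft.dst)


if __name__ == "__main__":
    summary, paths = report()
    for addr, amt in sorted(summary.items()):
        print(f"{addr:<14} tainted {amt:>8.2f}")
    for p in paths:
        print(" -> ".join(node for node, _ in p))
```

Running it shows the two properties an investigator cares about: tainted value is conserved across the terminal endpoints (300 + 300 + 400 = 1000), so nothing is lost in the accounting, but the mixer halves the taint fraction of each cash-out, which is why attribution after mixing is stated probabilistically rather than as a certainty. Real chain analysis uses the same idea over millions of transactions, with heuristics (FIFO, clustering of co-spent inputs) layered on top.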
Records of North Korean Hackers’ Malicious Activities Worldwide
The Lazarus hacker group from North Korea has launched several notable attacks, including but not limited to:
- The earliest known activity attributed to North Korean hackers was “Operation Troy” (2009 to 2012), a campaign against South Korean government targets that combined DDoS attacks with cyber espionage.
- In 2014, the group attacked Sony Pictures, leaking confidential information and crippling networks in retaliation for the release of the film “The Interview.”
- Attacks on major banks, including stealing $12 million from Ecuador’s Banco del Austro and $1 million from Vietnam’s VietinBank.
- In 2017, they launched the WannaCry attack, a globally impactful ransomware attack that affected over 150 countries, causing significant damage to healthcare systems and business operations.
- In the cryptocurrency sector, in addition to the February Bybit exchange theft, the Ronin network of the blockchain game Axie Infinity was also hacked, resulting in the theft of $620 million in cryptocurrency.
Finally, a reminder: in the internet age, hacker attacks are everywhere, and cryptocurrency is a prime target because it lets attackers steal funds directly. Whether going online or investing in cryptocurrency, readers should remain vigilant to avoid unnecessary losses.