North Korean cybercriminals pilfered almost $400 million worth of cryptocurrency in 2021, and it looks like they are amping up their operation this year to raise funds through crypto heists.

Internet security company Mandiant revealed in a new post that the North Korean regime is using hackers to raise funds. It claimed that malicious actors aligned with the communist country have shifted their focus from thefts of COVID-19 vaccine research to stealing cryptocurrencies.

"Over time, we began to see this organization shift from 'strictly COVID-19' efforts to the targeting of defectors, defense and governments, bloggers, media, cryptocurrency services and financial institutions," the blog post disclosed.

A North Korea flag flutters next to concertina wire at the North Korean embassy in Kuala Lumpur, Malaysia March 9, 2017. Reuters / Edgar Su

"The country’s espionage operations are believed to be reflective of the regime’s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and political entities, information on foreign relations and nuclear information, and a slight decline in the once spiked stealing of COVID-19 vaccine research," the security firm added.

Mandiant believes that North Korea is most likely utilizing the funds to support vaccines and weapons development in the country. It is also the Socialist state's way to blunt the effects of the sanctions imposed by the U.S. and other countries.

"Information collected in these campaigns will possibly be used to develop or produce internal items and strategies, such as vaccines, mitigations to bypass sanctions, funding for the country’s weapons programs, and so on," the report noted.

Chainalysis, a software company helping government and cryptocurrency firms, reported earlier this year that North Korean cybercriminals launched at least seven attacks on cryptocurrency platforms that netted them nearly $400 million worth of tokens in 2021. It claimed that the activities of the hackers aligned with the Socialist state have spiked, with the value of the exploits growing by almost half.

"In 2021, North Korean hacking activity was on the rise once again. From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40 percent," Chainalysis revealed.

The software company also disclosed the modus operandi of the cybercriminals. "These attacks targeted primarily investment firms and centralized exchanges and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected 'hot' wallets into DPRK-controlled addresses. Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out," Chainalysis said.