A recent report by cybersecurity firm Mandiant reveals that North Korean hacking group APT43, also known as Kimsuky, may be using cloud mining services to launder cryptocurrency stolen from its victims. Cloud mining is a process where a user rents computing power from a third-party provider to mine cryptocurrency, allowing the user to avoid the costs associated with buying and maintaining their own hardware. Mandiant’s research suggests that APT43 has been using this method to mine cryptocurrency and transfer the funds to their own wallets, effectively laundering the stolen funds.
Joe Dobson, a Mandiant threat intelligence analyst, explains, “This is like a bank robber stealing silver from a bank vault and then going to a gold miner and paying the miner in stolen silver. Everyone’s looking for the silver while the bank robber’s walking around with fresh, newly mined gold.” APT43 has been active in the cryptocurrency space since at least 2018, targeting exchanges and other cryptocurrency-related entities. The use of cloud mining to launder stolen funds is a new tactic for this group, as they have previously used other methods such as mixing services and peer-to-peer marketplaces.
Mandiant’s report suggests that this new tactic may be a response to increased scrutiny and regulation of cryptocurrency exchanges, making it more difficult for the group to cash out their stolen funds. The report also notes that APT43 likely works on behalf of the North Korean government, which has been known to use cyber attacks to generate revenue for the regime. The use of cryptocurrency allows North Korea to bypass traditional banking systems and sanctions, making it an attractive target for state-sponsored cyber attacks.
The report serves as a reminder of the ongoing threat posed by state-sponsored hacking groups, particularly those with the backing of hostile governments. As the use of cryptocurrency continues to grow, we will likely see more sophisticated methods of laundering stolen funds emerge, making it all the more important for businesses and individuals to remain vigilant against cyber threats.
