N. Korean hacking group Kimsuky funds Pyongyang's espionage operations through cybercrimes
By Kim Boram
SEOUL, April 4 (Yonhap) -- A North Korean hacking group known as Kimsuky has stolen cryptocurrency to fund the country's espionage operations related to its nuclear program, Mandiant, Google's cybersecurity unit, said Tuesday.
In a recently published report, Mandiant said it has tracked the state-backed hacker group, classified as APT43, over the past five years and found that Kimsuky has committed cybercrimes to financially support Pyongyang's nuclear weapons program.
"This is a group that has done some cybercrime particularly targeting cryptocurrency," said Luke McNamara, principal analyst at Mandiant, in an online press conference for South Korean media. "We believe their primary mission is cyber espionage, gathering secrets for the North Korean government, particularly around nuclear policy."
He said APT43 is part of the Reconnaissance General Bureau (RGB) in the North Korean government, along with other secret operations groups like APT38, Temp Hermit and Andariel, which are widely called Lazarus.
Those groups are believed to share malware and hacking code to carry out their mission to bring in money for the North Korean government to fund the weapons program.
"APT43 carries out a variety of different financially motivated activity, primarily focused on stealing cryptocurrency within this category of activity," he said. "And one of the things they do to try to make that cryptocurrency that they have stolen more difficult to trace by law enforcement is by rolling that into or using that to pay for cloud mining or hash rental services."
The group laundered the stolen cryptocurrency through cloud mining services, allowing the country to break the trail of those stolen funds.
He noted that North Korea has used the laundered money to collect information about nuclear weapons by sending spear-phishing emails targeting policymakers or researchers in South Korea and the United States to ask for in-depth analysis of North Korean issues.
"They didn't even send any malware. They simply asked someone who was working on policy matters to provide their strategic analysis of what was going on," he said. "And a lot of targets who had been sent emails like this have freely responded and given responses to APT43, which as we know is North Korea's RGB."
APT43 has also approached global pharmaceutical firms to get information on COVID-19 vaccines and treatment during the pandemic.
"Particularly since 2020, they targeted pharmaceuticals when the pandemic started and when there was a lot of work on vaccine treatments and other treatments for COVID-19," he said.
North Korea's cybercrimes will be more active and versatile from now on as they are playing a crucial role in giving financial support to the North Korean government, which is currently intensifying military provocations amid signs of a looming nuclear test.
"We expect APT43 will continue to be very prolific and very active, carrying out its mission of espionage," he said. "As North Korea continues its weapons program and as North Korea continues its missile tests, we expect APT43 to continue carrying out its operations because this is a key part of what this group is supporting."