“You are mistaken if you think that you will have moral qualms about attacking someone else’s network,” said Jang Se-iul, a Mirim College graduate who served as an officer in the North Korean military before defecting to South Korea in 2008. in an interview. “For them, cyberspace is a battlefield, and they’re out there fighting enemies who are harming their country.”
Mr. Jang said North Korea initially started building its electronic warfare capability for defense purposes, but soon realized it could be a powerful offensive weapon against its digital enemies.
Around the time Mr. Jang arrived in Seoul, websites in South Korea and the United States were facing a wave of cyberattacks. Going by names like Lazarus, Kimsuky, and BeagleBoyz, North Korean hackers have used increasingly sophisticated tools to infiltrate military, government, corporate, and defense industry networks around the world to conduct cyberespionage and steal sensitive data to support their weapons development.
“Make no mistake, DPRK hackers are really good,” said Eric Penton-Voak, coordinator of the UN panel of experts, during a webinar in April, using the acronym of North Korea’s official name, DPRK. “They’re looking at really interesting and very gray new areas of cryptocurrency because actually A nobody really understands them and they can exploit B weaknesses.”
According to Chainaysis, North Korean hackers usually break into foreign crypto wallets through phishing attacks and lure victims with fake LinkedIn recruitment pages or other decoys. Then, the hackers use a complex set of financial tools to transfer the stolen funds, moving the loot through cryptocurrency “shufflers” that combine multiple streams of digital assets, making it harder to track the movement of a specific batch of cryptocurrency .
“They’re very methodical about the laundry,” said Erin Plante, Senior Director of Investigations at Chainalysis. “They are very methodical, moving in small numbers over long periods of time, ultimately trying to evade investigators.”