North Korean hackers using Russian internet network to steal cryptocurrency

뉴스알리미 · 25/04/25 20:32:59 · mu/뉴스

Evidence has emerged that a cybercrime organization linked to North Korea is targeting cryptocurrency worldwide through Russia's internet infrastructure. The security company Trend Micro said in a report released on the 24th (local time) that it had tracked several IP addresses allocated to Khasan and Khabarovsk and found that these addresses were used in the activities of North Korean hackers.

These IPs were hidden in a large-scale anonymization network composed of commercial virtual private networks (VPNs), proxy servers, and Remote Desktop Protocol (RDP). Trend Micro's analysis is that North Korean hackers used this network to launch cyberattacks via Russian communications infrastructure. Construction of the network is known to have begun in 2017, and it has expanded further since 2023.

The report also speculated that North Korea deployed IT personnel in regions such as Russia, China, and Pakistan, linking Russian and North Korean IP addresses. They used Russian IPs to access job platforms and cryptocurrency-related services in order to reach IT experts in the United States, Germany, and Ukraine. After deceiving victims through fake companies and sham interviews, they stole information or assets related to cryptocurrency.

Trend Micro found that the hackers are targeting experts interested in blockchain, Web 3.0, and cryptocurrency, and noted that they are combining sophisticated social engineering with their attacks rather than relying on simple technical hacking alone. There were also attempts, made from Russian IPs, to crack wallet passwords by combining random numbers.

For years the international community has suspected North Korea of obtaining foreign currency by hacking and stealing from cryptocurrency exchanges and using it to fund the development of weapons of mass destruction. In a joint statement last January, South Korea, the United States, and Japan officially identified North Korea as the party behind a massive cryptocurrency theft of $660 million.

Additionally, in February of this year, coins worth $1.46 billion were stolen from the global cryptocurrency exchange Bybit, and this incident is also suspected to be the work of North Korea's hacking group Lazarus.

Experts warn that North Korea is advancing its cybercrime tools, using increasingly sophisticated technology and the global internet to evade sanctions and acquire funds.
