The recent theft of $100 million from cryptocurrency firm Harmony has been attributed to North Korea’s Lazarus Group and APT28, as confirmed by the US Federal Bureau of Investigation (FBI). In a blog post released on Monday, the FBI revealed that the cyber actors from North Korea used the privacy protocol Railgun to launder over $60 million worth of Ethereum stolen during the heist.
According to the FBI, a portion of the stolen Ethereum was converted to Bitcoin and sent to various virtual asset service providers. While some of these funds were frozen in collaboration with the service providers, the remaining Bitcoin was traced to 11 identified addresses. The FBI’s Los Angeles and Charlotte field offices are actively working to disrupt North Korea’s theft and laundering of virtual currency, which is believed to fund the country’s ballistic missile and weapons of mass destruction programs.
Kevin Bocek, VP of security strategy and threat intelligence at Venafi, explained that Lazarus Group is known for stealing cryptocurrency by exploiting machine identities. He emphasized the importance of safeguarding machine identities, as compromised private keys can enable threat actors like Lazarus to decrypt data and siphon off funds. Bocek also highlighted that North Korean threat groups often engage in financial cybercrime to evade international sanctions and fund weapons programs.
The association of the Lazarus Group with the Harmony hack was initially suggested by blockchain analytics company Elliptic shortly after the breach was disclosed. Recent activities linked to the threat actors include the exploitation of a Dell driver vulnerability and macOS malware infections.
In light of these developments, it is crucial for companies operating in the cryptocurrency industry to strengthen their cybersecurity measures and protect their machine identities. The largely unregulated nature of the cryptocurrency sector makes it an attractive target for threat actors seeking financial gain. By staying vigilant and implementing robust security practices, organizations can reduce the risk of falling victim to cyberattacks orchestrated by groups like Lazarus and APT28.