Brief Overview:
•A U.S. court ordered the seizure of 279 cryptocurrency accounts linked to North Korea.
•North Korea uses new malware called "Durian" to bypass sanctions.
•The funds obtained by hackers are used to support North Korea’s nuclear program.
Judge Timothy Kelly of the U.S. District Court for the District of Columbia has issued an order seizing 279 cryptocurrency accounts linked to North Korean operatives.
The move strengthens the fight against international money laundering and nuclear proliferation.
North Korean Cryptocurrency Hackers Using New Malware
The decision follows a series of U.S. sanctions aimed at disrupting financial networks that facilitate North Korea’s illicit activities. The case began in August 2020 and involved North Korea-linked actors moving stolen cryptocurrency to exchanges and unhosted wallets outside the United States.
These complex operations are understood to conceal the origin of stolen currency and convert it into cash, helping North Korea circumvent sanctions.
In response, Washington has stepped up its policy measures, imposing sanctions on crypto mixing services that complicate tracing the source of stolen funds. However, North Korean cybercriminal gangs have cleverly circumvented U.S. and international sanctions by creating novel money laundering methods.
These attacks, which primarily target cryptocurrency exchanges, are part of a broader pattern of cyber theft, including one in which nearly $250 million was stolen simply because an employee inadvertently downloaded a piece of malware that gave the attackers remote control and private management of these virtual assets.
Security company's investigation report
Additionally, in a recent report, cybersecurity firm Kaspersky described Durian as a remote control and data theft tool that cleverly exploits legitimate security software used by encryption companies, thereby increasing its effectiveness and stealth.
“With the help of the ‘Durian’ malware, North Korean hackers first introduced an additional malware called ‘Appleseed’, an HTTP-based backdoor tool commonly used by the Jinsuki Group,” Kaspersky explained. “They also leveraged legitimate tools including ngrok and Chrome Remote Desktop, as well as a custom proxy tool, to penetrate the target machines. Ultimately, the attackers implanted this malware with the goal of stealing data stored in the browser, including cookies and login credentials.”
In addition, according to a UN report, North Korea has amassed approximately $3 billion through cryptocurrency hacking between 2017 and 2023. These funds have greatly supported Pyongyang’s weapons program plans, covering its nuclear energy and missile development efforts.
Such funding is vital as it accounts for almost half of North Korea's foreign exchange earnings, according to the UN panel of experts.
Conclusion
The actions of North Korean hackers have transcended a simple technical challenge and have evolved into a serious issue concerning international security. A series of recent actions taken by U.S. courts aimed at cutting off North Korea's illicit funding sources not only highlight the urgency of the international community's work on this issue, but also highlight the need for global cybersecurity cooperation and the importance of jointly preventing the threat of cybercrime.
In this context, the global community needs to step up cooperation to improve defense and response measures against cyber attacks. In addition, the international community should work together to formulate and implement effective regulatory policies to prevent illegal funds from flowing to regions and activities that may cause instability and destruction, and ensure the stability and security of the global cryptocurrency market. #朝鲜黑客 #加密资产盗窃